Modifying the Syslog Configuration for Security Devices

 

You can use the Syslog section on the Modify Configuration page to view and modify the parameters related to system logging on the device.

Note

Refer to the Junos OS documentation (available at http://www.juniper.net/documentation/en_US/release-independent/junos/information-products/pathway-pages/junos/product/) for a particular release and device. There you can find detailed information on the configuration parameters for that device.

To modify the system log parameters:

  1. Select Devices > Security Devices.

    The Security Devices page appears.

  2. Select the devices whose configuration you want to modify.
  3. From the More or right-click menu, select Configuration > Modify Configuration.

    The Modify Configuration page appears.

  4. Click the Syslog link in the left-navigation menu.

    The Syslog section on the Modify Configuration page is displayed.

  5. Modify the configuration according to the guidelines provided in Table 1.
  6. After modifying the configuration, you can cancel the changes, save the changes, preview the changes, or save the changes and deploy the configuration on the device. See Modifying the Configuration of Security Devices.

Table 1: Syslog Settings

Setting

Guideline

General Settings

Time Format

Specify whether the time format should be included in system log messages generated for the device. By default, the timestamp specifies the month, day, hour, minute, and second at which the message was logged.

If you select Enable, you can specify whether the milliseconds are included in the timestamp, the year is included in the timestamp, or both the milliseconds and the year are included in the timestamp.

Source Address

Specify the IPv4 or IPv6 address to be used as the source address that is included in system log messages.

Log Rotation Frequency

Configure the time interval (in minutes) at which Junos Space checks for the system log file size. When the log file size exceeds the previously specified size limit, the log file is archived and a new log file is created. The range is 1 through 59 and the default is 15 minutes.

Allow Duplicates

Select this check box if you do not want to suppress syslog messages that were logged earlier. This check box is cleared by default.

Host Configuration

 

The existing host configuration entries are displayed in a table. You can do the following:

  • Create a host configuration:

    1. Click the + icon to create a host configuration.

      The Create Host Configuration page appears.

    2. Complete the configuration according to the guidelines provided in Table 2.

    3. Click OK.

      The host is created and you are returned to the Modify Configuration page.

  • Modify a host configuration—Select a host configuration and click the pencil icon to modify the settings.

    The Edit Host Configuration page appears, showing the same fields that are presented when you create a host configuration. You can modify some of the fields on this page. Refer to Table 2 for an explanation of the fields.

    After you have modified the host configuration, click OK.

    The changes are saved and you are returned to the Modify Configuration page.

  • Delete host configurations—Select one or more host configurations and click the X icon to delete the host configurations.

    The Warning page appears. Click Yes to confirm the deletion. The selected host configurations are deleted.

File Configuration

 

The existing file configuration entries are displayed in a table. You can do the following:

  • Create a file configuration:

    1. Click the + icon to create a file configuration.

      The Create File Configuration page appears.

    2. Complete the configuration according to the guidelines provided in Table 3.

    3. Click OK.

      The file is created and you are returned to the Modify Configuration page.

  • Modify a file configuration—Select a file configuration and click the pencil icon to modify the settings.

    The Edit File Configuration page appears, showing the same fields that are presented when you create a file configuration. You can modify some of the fields on this page. Refer to Table 3 for an explanation of the fields.

    After you have modified the file configuration, click OK.

    The changes are saved and you are returned to the Modify Configuration page.

  • Delete file configurations—Select one or more file configurations and click the X icon to delete the file configurations.

    The Warning page appears. Click Yes to confirm the deletion. The selected file configurations are deleted.

User Configuration

 

The existing user configuration entries are displayed in a table. You can do the following:

  • Create a user configuration:

    1. Click the + icon to create a user configuration.

      The Create User Configuration page appears.

    2. Complete the configuration according to the guidelines provided in Table 4.

    3. Click OK.

      The user configuration is created and you are returned to the Modify Configuration page.

  • Modify a user configuration—Select a user configuration and click the pencil icon to modify the settings.

    The Edit User Configuration page appears, showing the same fields that are presented when you create a user configuration. You can modify some of the fields on this page. Refer to Table 4 for an explanation of the fields.

    After you have modified the user configuration, click OK.

    The changes are saved and you are returned to the Modify Configuration page.

  • Delete user configurations—Select one or more user configurations and click the X icon to delete the user configurations.

    The Warning page appears. Click Yes to confirm the deletion. The selected user configurations are deleted.

Table 2: Create Host Configuration Settings

Setting

Guideline

Name

Select the name of the host to be notified when the system log matches the condition specified.

Match

Enter a regular expression (maximum 255 characters) that must appear or must not appear in a message for the message to be logged to a host.

Contents

 

The table displays the existing facility and severity configured for system log messages. You can perform the following actions:

  • Click the + icon to configure the facility and severity levels of messages to be logged in the remote destination.

    The Create Contents page appears.

    Complete the configuration according to the guidelines provided in Table 5 and click OK.

    The system log message's facility and severity levels are created and you are returned to the Create Host Configuration page.

  • Select an entry and click the pencil icon to modify the facility and severity levels of messages to be logged in the remote destination.

    The Edit Contents page appears showing the same fields that are presented when you configure the facility and severity levels of messages to be logged in the remote destination. Refer to Table 5 for an explanation of the fields.

    After you have modified the system log message's facility and severity levels that are associated with the host, click OK.

    The changes are saved and you are returned to the Create Host Configuration page.

  • Select one or more configured facility and severity levels, and click the X icon to delete the entries.

    The Warning page appears. Click Yes to confirm the deletion. The selected facility and severity levels are deleted.

Advanced Options

Allow Duplicates

Select this check box if you want to allow repeated messages in the system log output. By default, this check box is cleared, which means that repeated messages are not logged in the output.

Explicit Priority

Select this check box to include the priority, which is a combination of the facility and severity, in syslog messages.

Facility Override

Specify an alternative facility that will replace the default facility used when messages are directed to a remote destination. For more information, see the http://www.juniper.net/documentation/en_US/junos/topics/reference/general/syslog-facilities-remote-logging.html topic.

Log Prefix

Specify the prefix to be used for all syslog messages for the specified host.

Source Address

Specify the IPv4 or IPv6 address to be used as the source address that is included in system log messages for the host.

Port

Specify the port number for the remote syslog folder.

The range is 0 through 65,535 and the default is 514.

Structured Data

Select this check box to log messages to a file in structured-data format instead of the standard Junos OS format. The structured-data format complies with IETF RFC 5424. By default, this check box is selected.

Select the Brief check box to suppress the English-language text that appears by default at the end of a message to describe the error or event. By default, this check box is cleared.

Table 3: Create File Configuration Settings

Setting

Guideline

Name

Enter the name of the file in which the data should be logged. The filename must not contain spaces, and it can contain some special characters ($ ^ < > @ # ! * - = _ .).

Match

Enter a regular expression (maximum 255 characters) that must appear or must not appear in a message for the message to be logged to a file.

Contents

 

The table displays the existing facility and severity configured for system log messages. You can perform the following actions:

  • Click the + icon to configure the facility and severity levels of messages to be logged in the remote destination.

    The Create Contents page appears.

    Complete the configuration according to the guidelines provided in Table 5 and click OK.

    The system log message's facility and severity levels are created and you are returned to the Create File Configuration page.

  • Select an entry and click the pencil icon to modify the facility and severity levels of messages to be logged in the remote destination.

    The Edit Contents page appears showing the same fields that are presented when you configure the facility and severity levels of messages to be logged in the remote destination. Refer to Table 5 for an explanation of the fields.

    After you have modified the system log message's facility and severity levels that are associated with the file, click OK.

    The changes are saved and you are returned to the Create File Configuration page.

  • Select one or more configured facility and severity levels, and click the X icon to delete the entries.

    The Warning page appears. Click Yes to confirm the deletion. The selected facility and severity levels are deleted.

Advanced Options

Explicit Priority

Select this check box to include the priority, which is a combination of the facility and severity, in syslog messages.

Structured Data

Select this check box to log messages to a file in structured-data format instead of the standard Junos OS format. The structured-data format complies with IETF RFC 5424. By default, this check box is selected.

Select the Brief check box to suppress the English-language text that appears by default at the end of a message to describe the error or event. By default, this check box is cleared.

Table 4: Create User Configuration Settings

Setting

Guideline

Name

Enter the Junos OS username of the user whose terminal session is to receive system log messages. The username must not contain spaces, and it can contain some special characters (_ .).

Match

Enter a regular expression (maximum 255 characters) that must appear or must not appear in a message for the message to be logged to a user terminal.

Contents

 

The table displays the existing facility and severity configured for system log messages. You can perform the following actions:

  • Click the + icon to configure the facility and severity levels of messages to be logged in the remote destination.

    The Create Contents page appears.

    Complete the configuration according to the guidelines provided in Table 5 and click OK.

    The system log message's facility and severity levels are created and you are returned to the Create User Configuration page.

  • Select an entry and click the pencil icon to modify the facility and severity levels of messages to be logged in the remote destination.

    The Edit Contents page appears showing the same fields that are presented when you configure the facility and severity levels of messages to be logged in the remote destination. Refer to Table 5 for an explanation of the fields.

    After you have modified the system log message's facility and severity levels that are associated with the user, click OK.

    The changes are saved and you are returned to the Create User Configuration page.

  • Select one or more configured facility and severity levels, and click the X icon to delete the entries.

    The Warning page appears. Click Yes to confirm the deletion. The selected facility and severity levels are deleted.

Advanced Options

Allow Duplicates

Select this check box if you want to allow repeated messages in the system log output. By default, this check box is cleared, which means that repeated messages are not logged in the output.

Table 5: Create Contents Settings

Setting

Guideline

Facility

Select the facility to which the system log message belongs. Each system log message belongs to a facility, which categorizes messages based on the source by which they are generated, such as a software process, or that relate to a similar condition or activity, such as authentication attempts.

Severity

Select the severity level for the system log message. Each system message is pre-assigned a severity level, which indicates how seriously the triggering event affects routing platform functions. When you configure logging for a facility and destination, you specify a severity level for each facility.

After you have configured system logging on the SRX Series devices, Security Director can receive those logs.
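
The Structured Data setting in Tables 2 and 3 produces RFC 5424 messages, and the priority described under Explicit Priority is carried in the PRI field as facility * 8 + severity. The following added example (not part of the Juniper documentation or product code) shows how a receiving collector can validate such a line and decode the facility, severity, and structured-data parameters. The sample message, the SD-ID example@32473, and the conventional facility names are assumptions constructed for illustration; a real device emits its own SD-ID and Junos OS uses its own facility names.

```python
import re

# Conventional syslog names by numeric code (RFC 5424, section 6.2.1).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emergency alert critical error warning notice info debug".split()

HEADER = re.compile(r"<(?P<pri>\d{1,3})>1 (?P<timestamp>\S+) (?P<host>\S+) "
                    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)", re.S)
VALUE = r'"((?:\\.|[^"\\\]])*)"'   # PARAM-VALUE: the characters " \ ] must be escaped
PARAM = re.compile(r' ([^ \]="]+)=' + VALUE)
ELEMENT = re.compile(r'\[([^ \]="]+)((?: [^ \]="]+=' + VALUE + r')*)\]')

# Constructed sample line: PRI 165 = facility 20 * 8 + severity 5.
SAMPLE = ('<165>1 2024-05-01T12:00:00.123Z srx-lab mgd 3046 UI_LOGOUT_EVENT '
          '[example@32473 username="alice"] User exited')

def parse_rfc5424(line):
    """Return header fields, decoded priority, structured data and free text."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not an RFC 5424 message (standard-format line?)")
    pri = int(m["pri"])
    if pri > 191:                      # 23 * 8 + 7 is the highest valid PRI
        raise ValueError("PRI out of range")
    rec = {k: m[k] for k in ("timestamp", "host", "app", "procid", "msgid")}
    rec["facility"] = FACILITIES[pri >> 3]
    rec["severity"] = SEVERITIES[pri & 7]
    rest, sd = m["rest"], {}
    if rest.startswith("-"):           # NILVALUE: no structured data present
        rest = rest[1:]
    else:
        while (e := ELEMENT.match(rest)):
            sd[e[1]] = {name: re.sub(r'\\(["\\\]])', r"\1", value)
                        for name, value in PARAM.findall(e[2])}
            rest = rest[e.end():]
        if not sd:
            raise ValueError("malformed STRUCTURED-DATA")
    rec["sd"] = sd
    rec["msg"] = rest[1:] if rest.startswith(" ") else rest
    return rec

if __name__ == "__main__":
    print(parse_rfc5424(SAMPLE))
```

With the Brief option selected, the free-text part after the structured data is absent and the msg field comes back empty.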

For adding Log Collector as a special node using Security Director Log Collector, click here.

For adding Log Collector as a special node using JSA Log Collector, click here.