log (Security)


log {cache {exclude exclude-name {destination-address destination-address;destination-port destination-port;event-id event-id;failure;interface-name interface-name;policy-name policy-name;process process-name;protocol protocol;source-address source-address;source-port source-port;success;user-name user-name;}limit value;}disable;event-rate rate;file {files max-file-number;name file-name;path binary-log-file-path;size maximum-file-size;}format (binary | sd-syslog | syslog);mode (event | stream);rate-cap rate-cap-value;(source-address source-address | source-interface interface-name);stream stream-name {category (all | content-security);format (binary | sd-syslog | syslog | welf);host {ip-address;port port-number;}severity (alert | critical | debug | emergency | error | info | notice | warning);}traceoptions {file {filename;files number;match regular-expression;size maximum-file-size;(world-readable | no-world-readable);}flag flag;no-remote-trace;}transport {protocol (udp | tcp | tls);tls-profile tls-profile-name;tcp-connections tcp-connections;}utc-time-stamp;}

Hierarchy Level

[edit security]

Release Information

Statement introduced in Junos OS Release 9.2.

Support for the source-interface option added in Junos OS Release 12.1X46-D25.


You can set the mode of logging (event for traditional system logging or stream for streaming security logs through a revenue port to a server). You can also specify all the other parameters for security logging.



Disable the security logging for the device.

event-rate rate

Limit the rate (0 through 1500) at which logs will be streamed per second.

rate-cap rate-cap-value

Works with event mode only. Limit the rate (0 through 5000) at which data plane logs will be generated per second.

source-address source-address

Specify a source IP address or IP address used when exporting security logs.

source-interface interface-name

Specify a source interface name, which is mandatory to configure stream.

Note: The source-address and source-interface are alternate values. Using one of the options is mandatory.


Specify to use UTC time for security log timestamps.

The remaining statements are explained separately.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Related Documentation