log (Security)

Syntax

log {cache {exclude exclude-name {destination-address destination-address;destination-port destination-port;event-id event-id;failure;interface-name interface-name;policy-name policy-name;process process-name;protocol protocol;source-address source-address;source-port source-port;success;user-name user-name;}limit value;}disable;event-rate rate;file {files max-file-number;name file-name;path binary-log-file-path;size maximum-file-size;}format (binary | sd-syslog | syslog);mode (event | stream);rate-cap rate-cap-value;(source-address source-address | source-interface interface-name);stream stream-name {category (all | content-security);format (binary | sd-syslog | syslog | welf);host {ip-address;port port-number;}severity (alert | critical | debug | emergency | error | info | notice | warning);}traceoptions {file {filename;files number;match regular-expression;size maximum-file-size;(world-readable | no-world-readable);}flag flag;no-remote-trace;}transport {protocol (udp | tcp | tls);tls-profile tls-profile-name;tcp-connections tcp-connections;}utc-time-stamp;}

Hierarchy Level

[edit security]

Release Information

Statement introduced in Junos OS Release 9.2.

Support for the source-interface option added in Junos OS Release 12.1X46-D25.

Description

You can set the mode of logging (event for traditional system logging or stream for streaming security logs through a revenue port to a server). You can also specify all the other parameters for security logging.

Options

disable

Disable the security logging for the device.

event-rate rate

Limit the rate (0 through 1500) at which logs will be streamed per second.

rate-cap rate-cap-value

Limit the rate (0 through 5000) at which data plane logs will be generated per second.

source-address source-address

Specify a source IP address or IP address used when exporting security logs.

source-interface interface-name

Specify a source interface name, which is mandatory to configure stream.

Note: The source-address and source-interface are alternate values. Using one of the options is mandatory.

utc-time-stamp

Specify to use UTC time for security log timestamps.

The remaining statements are explained separately.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Related Documentation