Understanding Stream Logging for Security Devices

 

Junos OS supports forwarding logs in stream mode and in event mode. For stream mode log forwarding, each log category can be configured so that logs of that category are sent to a different log server.

Stream mode log forwarding includes the following steps:

  • An RTLOG system log message is generated by the data plane and is sent out from the Packet Forwarding Engine.

  • An RTLOG system log message is generated by the pfe process and is sent from the Packet Forwarding Engine.

  • An RTLOG system log message is generated by the Routing Engine unified threat management (utmd) process and is sent by the rtlogd process from the Routing Engine.

For stream mode log forwarding, the transport protocol used between the Packet Forwarding Engine and the log server is configurable and can be UDP, TCP, or TLS. The transport protocol used between the Routing Engine and the log server can only be UDP. TLS is not supported on cSRX.

Starting in Junos OS Release 17.4R2, on SRX300, SRX320, SRX340, SRX345 Series devices and vSRX instances, when the device is configured in stream mode, you can configure a maximum of eight system log hosts.

In Junos OS Release 17.4R2 and earlier releases, you can configure only three system log hosts in stream mode. If you configure more than three system log hosts, the following error message is displayed: error: configuration check-out failed.
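The following is an added example, not Juniper code: a small pre-commit check that reads a configuration in set-command form and reports the stream mode settings discussed above (mode, Packet Forwarding Engine transport protocol, and number of system log hosts). The sample configuration, the finding names, and the assumption that UDP applies when no transport protocol is configured are constructed for this illustration.

```python
import re

# Constructed sample input in Junos set-command form (not taken from the page).
SAMPLE_CONFIG = """\
set security log mode stream
set security log source-address 192.0.2.1
set security log transport protocol tcp
set security log stream fw-logs host 198.51.100.10
set security log stream utm-logs category content-security
set security log stream utm-logs host 198.51.100.11
set security log stream idp-logs host 198.51.100.12
set security log stream audit-logs host 198.51.100.13
"""

MODE_RE = re.compile(r"^set security log mode (\S+)$")
TRANSPORT_RE = re.compile(r"^set security log transport protocol (\S+)$")
HOST_RE = re.compile(r"^set security log stream (\S+) host (\S+)")


def audit_stream_logging(config_text, max_hosts=8):
    """Return (summary, findings) for the 'security log' statements.

    max_hosts is the release-dependent host limit described above (8 or 3).
    """
    mode = None
    transport = "udp"  # assumption: UDP applies when no transport is configured
    hosts = {}         # stream name -> log server address
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := MODE_RE.match(line):
            mode = m.group(1)
        elif m := TRANSPORT_RE.match(line):
            transport = m.group(1).lower()
        elif m := HOST_RE.match(line):
            hosts[m.group(1)] = m.group(2)

    summary = {"mode": mode, "transport": transport, "hosts": hosts}
    if mode != "stream":
        return summary, ["NOT_STREAM_MODE"]
    findings = []
    if len(hosts) > max_hosts:
        # Over the limit the device reports "configuration check-out failed".
        findings.append("TOO_MANY_HOSTS")
    if transport != "tls":
        # UDP and TCP carry RTLOG messages to the log server unencrypted.
        findings.append("CLEARTEXT_TRANSPORT")
    return summary, findings


if __name__ == "__main__":
    print(audit_stream_logging(SAMPLE_CONFIG, max_hosts=3))
```

The transport finding covers only the Packet Forwarding Engine path; logs sent by rtlogd from the Routing Engine use UDP regardless of this setting.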
