log (Security)
Syntax
log {
(source-address source-address | source-interface source-interface);
destination-address destination-address;
destination-port destination-port;
event-id event-id;
failure;
interface-name interface-name;
policy-name policy-name;
process process;
protocol protocol;
source-address source-address;
source-port source-port;
success;
username username;
}
}
disable;
escape;
time-format (year | millisecond);
facility-override (authorization | daemon | ftp | kernel | local0 | local1 | local2
| local3 | local4 | local5 | local6 | local7 | user);
files files;
name name;
path path;
size size;
}
format (binary | sd-syslog | syslog);
max-database-record max-database-record;
message-rate-limit messages per second;
mode (event | stream | stream-event);
logs-per-table {
idp idp;
ipsec-vpn ipsec-vpn;
screen screen;
session-all session-all;
sky sky;
utm utm;
}
table-lifetime table-lifetime;
}
root-streaming;
stream stream-name {
category (all | content-security | fw-auth | screen | alg
| nat | flow | sctp | gtp | ipsec | idp | rtlog | pst-ds-lite | appqos
| secintel | aamw);
format (binary | sd-syslog | syslog | welf);
host {
routing-instance instance-name;
}
severity (alert | critical | debug | emergency | error
| info | notice | warning);
time-format (year | millisecond);
transport {
protocol (tcp | tls | udp);
tcp-connections tcp-connections;
tls-profile tls-profile;
}
}
file <filename> <files files> <match match> <size size> <(world-readable | no-world-readable)>;
flag name;
no-remote-trace;
}
protocol (tcp | tls | udp);
tcp-connections tcp-connections;
tls-profile tls-profile;
}
utc-timestamp;
}
Hierarchy Level
[edit security]
[edit logical-systems name security]
[edit tenants tenant-name security]
Release Information
Statement introduced in Junos OS Release 9.2.
The [edit logical-systems name security] and [edit tenants tenant-name security] hierarchy levels introduced in Junos OS Release 19.1R1.
escape option added in Junos OS Release 20.2R1.
root-streaming option added in Junos OS Release 20.3R1.
Description
Configure security logging. Set the mode of logging (event for traditional system logging or stream for streaming security logs through a revenue port to a server). You can also specify all the other parameters for security logging.
Options
cache—Cache security log events in the audit log buffer.
disable—Disable the security logging for the device.
escape—Escapes the stream log forwarding to avoid parsing errors. Stream mode supports escape in sd-syslog and binary format. Event mode supports escape only in binary format.
time-format—Specify the year, the millisecond, or both in the timestamp.
event-rate rate—Limit the rate at which logs are streamed per second.
facility-override—Alternate facility for logging to remote host.
file—Specify the security log file options for logs in binary format.
Values:
max-file-number—Maximum number of binary log files.
file-name—Name of binary log file.
binary-log-file-path—Path to binary log files.
maximum-file-size—Maximum size of binary log file in megabytes.
format—Set the security log format for the device.
max-database-record—The following are the disk usage range limits for the database:
Range:
SRX1500, SRX4100, and SRX4200: 0 through 15,000,000
vSRX: 0 through 1,000,000
Default:
SRX1500, SRX4100, and SRX4200: 15,000,000
vSRX: 1,000,000
Be sure there is enough free space in /var/log/hostlogs/; otherwise, logs might be dropped when written into the database.
mode—Control how security logs are processed and exported.
rate-cap rate-cap-value—Works with event mode only. This option limits the rate at which data plane logs are generated per second.
Range: 0 through 5000 logs per second
Default: 5000 logs per second
root-streaming—Allows the user logical systems to generate logs using the root logical system's stream configuration.
source-address source-address—Specify the source IP address used when exporting security logs. This option is mandatory for configuring a stream host.
source-interface interface-name—Specify a source interface name. This option is mandatory for configuring a stream host.
The source-address and source-interface options are alternatives. Using one of the options is mandatory.
stream—Each stream can be configured with a file or a host.
traceoptions—Specify security log daemon trace options.
transport—Set security log transport settings.
utc-timestamp—Specify to use UTC time for security log timestamps.
The remaining statements are explained separately. See CLI Explorer.
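The constraints stated in the options above (a stream host needs source-address or source-interface, escape depends on mode and format, rate-cap works with event mode only) can be checked mechanically against a set-format configuration. The following Python linter is an added example, not Juniper code; the function names, the stream name siem, and the sample addresses are assumptions, and the escape check reads only the device-level format statement.

```python
import re
# escape support per mode, as stated in the Options text on this page.
ESCAPE_FORMATS = {"stream": {"sd-syslog", "binary"}, "event": {"binary"}}

def parse_security_log(config_text):
    """Return the token lists of every 'set security log ...' line."""
    pattern = re.compile(r"\s*set\s+security\s+log\s+(\S.*)$")
    return [m.group(1).split() for line in config_text.splitlines()
            if (m := pattern.match(line))]

def lint_security_log(config_text):
    """Check a set-format configuration against the documented constraints."""
    stmts = parse_security_log(config_text)
    top = {s[0]: s[1:] for s in stmts if s[0] != "stream"}
    mode = (top.get("mode") or [None])[0]
    fmt = (top.get("format") or [None])[0]  # device-level format only
    findings = []
    if "disable" in top:
        findings.append("security logging is disabled")
    # A stream host requires source-address or source-interface.
    hosts = sorted({s[1] for s in stmts if s[0] == "stream" and s[2:3] == ["host"]})
    if hosts and not top.keys() & {"source-address", "source-interface"}:
        findings.append("stream host without source-address/source-interface: "
                        + ", ".join(hosts))
    # escape: stream mode needs sd-syslog or binary, event mode needs binary.
    if "escape" in top and fmt and fmt not in ESCAPE_FORMATS.get(mode, {fmt}):
        findings.append(f"escape unsupported in {mode} mode with format {fmt}")
    # rate-cap works with event mode only (other modes are not evaluated here).
    if "rate-cap" in top and mode == "stream":
        findings.append("rate-cap works with event mode only")
    return findings

# Constructed sample configurations (addresses are documentation ranges).
BAD = """
set security log mode stream
set security log format syslog
set security log escape
set security log rate-cap 9000
set security log stream siem host 198.51.100.20
"""
GOOD = """
set security log mode stream
set security log format sd-syslog
set security log escape
set security log source-address 192.0.2.10
set security log stream siem host 198.51.100.20
"""
if __name__ == "__main__":
    print("\n".join(lint_security_log(BAD)))
```

Feed it the output of show configuration | display set; an empty list means none of the checked constraints is violated.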
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.