Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


log (Security)



Hierarchy Level

Release Information

Statement introduced in Junos OS Release 9.2.

The [edit logical-systems name security] and [edit tenants tenant-name security] hierarchy levels introduced in Junos OS Release 19.1R1.

escape option added in Junos OS Release 20.2R1.


Configure security log. Set the mode of logging (event for traditional system logging or stream for streaming security logs through a revenue port to a server). You can also specify all the other parameters for security logging.


cacheCache security log events in the audit log buffer.
disableDisable the security logging for the device.
escapeEscapes the stream log forwarding to avoid parsing errors. Stream mode supports escape in sd-syslog and binary format. Event mode supports escape only in binary format.
time-formatSpecify the year, the millisecond, or both in the timestamp.
event-rate rateLimit the rate at which logs are streamed per second.

Range: 0 through 1500

Default: 1500

facility-overrideAlternate facility for logging to remote host.
fileSpecify the security log file options for logs in binary format.


  • max-file-number—Maximum number of binary log files.

    • The range is 2 through 10 and the default value is 10.

  • file-name—Name of binary log file.

  • binary-log-file-path—Path to binary log files.

  • maximum-file-size—Maximum size of binary log file in megabytes.

    • The range is 1 through 10 and the default value is 10.

formatSet the security log format for the device.
max-database-recordThe following are the disk usage range limits for the database:


  • SRX1500, SRX4100, and SRX4200: 0 through 15,000,000

  • vSRX: 0 through 1,000,000


  • SRX1500, SRX4100, and SRX4200: 15,000,000

  • vSRX: 1,000,000


Be sure there is enough free space in /var/log/hostlogs/, otherwise logs might be dropped when written into the database.

modeControl how security logs are processed and exported.
rate-cap rate-cap-valueWork with event mode only. This option limits the rate at which data plane logs are generated per second.

Range: 0 through 5000 logs per second

Default: 5000 logs per second

source-address source-addressSpecify a source IP address or IP address used when exporting security logs, which is mandatory to configure stream host.
source-interface interface-nameSpecify a source interface name, which is mandatory to configure stream host.

The source-address and source-interface are alternate values. Using one of the options is mandatory.

streamEvery stream can configure file or host.
traceoptionsSpecify security log daemon trace options.
transportSet security log transport settings.
utc-timestampSpecify to use UTC time for security log timestamps.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.