Example: Configuring a Branch SRX Virtual Chassis to Send Data Plane System Log Messages to NSM

This example shows how to configure a branch SRX Series Virtual Chassis to send data plane system log messages to the Network and Security Manager (NSM).

Requirements

This example requires the following hardware and software components:

  • Juniper Networks branch SRX Series Services Gateways

  • SRX Series Services Gateways Virtual Chassis running Junos OS Release 11.4R1.2 or later

  • NSM Release 2011.1 or later system

  • SRX Series Services Gateways cluster that is in sync with the Virtual Chassis in NSM

Note

This configuration example has been tested using the software release listed and is assumed to work on all later releases.

Overview and Topology

The SRX Virtual Chassis feature enables in-band management of an SRX Series chassis cluster from NSM, so data plane system log messages can be forwarded to NSM from either node. The data plane is active regardless of which node, RE0 or RE1, holds the active control plane.

Without an SRX Virtual Chassis, each cluster member must be configured with a dedicated interface for bidirectional management traffic with NSM.

On Junos OS Release 11.4R1.2 or later, NSM connects to the cluster as shown in Figure 1: NSM connects to both the primary (RE0) and secondary (RE1) nodes. The cluster's traffic logs are sent to NSM through the active data plane node, regardless of which node, RE0 or RE1, holds the active control plane.

Note

Ensure that the external server receiving the log messages is reachable by both nodes.

Figure 1: SRX Series Virtual Chassis Cluster Setup

Configuration

Data plane logging on the SRX Series device can be enabled from NSM or from the SRX Series CLI.

Note

If data plane logging is enabled on the SRX Series device using the CLI, the configuration must be resynchronized in NSM by importing the device configuration (see Importing the Existing Configuration File).

Configuring System Message Logging Using the NSM CLI

Step-by-Step Procedure

To enable data plane logging on NSM over the User Datagram Protocol (UDP):

  1. Connect to the NSM console or through SSH as an administrator.
  2. Change directory to /var/netscreen/DevSvr/.
  3. Edit the devSvr.cfg file.
  4. Change the devSvr.enableSyslogOverUdp parameter to true and save the file.

    By default, devSvr.enableSyslogOverUdp is set to false.

  5. Restart the Device Server (devSvr) and GUI services.
  6. Verify that NSM is listening on UDP port 5140 (the listener should appear in the netstat -an output):
    root@nsm2011# netstat -an
  7. Configure the branch SRX Virtual Chassis cluster device to send log messages over UDP by setting the following parameters under the security hierarchy:
    root@SRX_Cluster_Node_0# show security log
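The NSM-side steps above (editing devSvr.cfg and confirming the UDP listener with netstat -an), as an added shell example that is not part of the Juniper page. It assumes devSvr.cfg holds one parameter per line as either `key value` or `key=value`; the separator NSM really uses is an assumption, so the edit preserves whichever form it finds. The netstat lines and the demo copy of devSvr.cfg are constructed, so the script runs without an NSM server.

```shell
#!/bin/sh
# Added example, not from the Juniper page: NSM-side preparation for receiving
# SRX data plane syslog over UDP. Assumes devSvr.cfg holds one parameter per
# line as "key value" or "key=value" (the separator NSM uses is an assumption,
# so the edit preserves whichever form is already present).

KEY='devSvr.enableSyslogOverUdp'
KEY_RE='devSvr\.enableSyslogOverUdp'   # same key with the dot escaped for sed/grep

# Set devSvr.enableSyslogOverUdp to true in config file $1. Rewrites the
# existing line if there is one, otherwise appends one. Safe to run repeatedly.
enable_syslog_over_udp() {
    cfg="$1"
    tmp="$cfg.tmp.$$"
    if grep -q "^${KEY_RE}[[:space:]=]" "$cfg"; then
        # keep the existing separator, replace only the value
        sed "s/^\(${KEY_RE}[[:space:]]*=\{0,1\}[[:space:]]*\).*/\1true/" "$cfg" > "$tmp"
    else
        { cat "$cfg"; printf '%s true\n' "$KEY"; } > "$tmp"
    fi
    mv "$tmp" "$cfg"
}

# Print the current value of the parameter in $1 (empty if it is not set).
syslog_over_udp_value() {
    sed -n "s/^${KEY_RE}[[:space:]]*=\{0,1\}[[:space:]]*//p" "$1" | head -n 1
}

# Exit 0 if the netstat -an output in $1 shows a UDP socket bound to port $2
# (step 6 of the procedure). Matches both "0.0.0.0:5140" and ":::5140".
udp_listener_present() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 ~ /^udp/ && $4 ~ (":" port "$") { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Demo on a constructed copy of devSvr.cfg; no real NSM server is touched.
demo_cfg="${TMPDIR:-/tmp}/devSvr.cfg.demo.$$"
printf '%s\n' 'devSvr.enableSyslogOverUdp false' > "$demo_cfg"
enable_syslog_over_udp "$demo_cfg"
echo "devSvr.enableSyslogOverUdp is now: $(syslog_over_udp_value "$demo_cfg")"
rm -f "$demo_cfg"

# Constructed netstat -an lines: the NSM listener on 5140 plus an unrelated socket.
sample_netstat='udp        0      0 0.0.0.0:5140            0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*'
if udp_listener_present "$sample_netstat" 5140; then
    echo "UDP listener on port 5140 found"
else
    echo "no UDP listener on port 5140 (restart the Device Server and re-check)"
fi
```

On a real NSM server, run `enable_syslog_over_udp /var/netscreen/DevSvr/devSvr.cfg`, restart the services, and then pipe the live `netstat -an` output into `udp_listener_present`; the listener only appears after the restart, which is why the check is separate from the edit.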

Results

On the NSM server, use the tcpdump port 5140 and host 192.168.0.1 command (where 192.168.0.1 is the address of the device) to verify that NSM is receiving syslog messages from the device.

[root@nsm2011 ~]# tcpdump port 5140 and host 192.168.0.1

Configuring the iptables Rule

Step-by-Step Procedure

If NSM is not receiving syslog messages from the device, the NSM host firewall may be dropping them; adding an iptables rule that allows the traffic fixes this.

To configure an iptable rule:

  1. Add a rule to allow UDP port 5140.
  2. Use the iptables -L command to list the firewall rules and confirm that the new rule is present.
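The two steps above as an added shell example that is not part of the Juniper page. It adds the UDP 5140 rule only if it is not already present, restricts it to the SRX source address rather than opening the port to every host, and parses `iptables -L INPUT -n` output to confirm the rule. It assumes the classic iptables command on the NSM host; the dry-run stand-in and the listing it parses are constructed so the script runs without root.

```shell
#!/bin/sh
# Added example, not from the Juniper page: add the iptables rule for UDP 5140
# only when it is missing, and scope it to the SRX source address instead of
# opening the port to every host. Assumes the classic iptables command on the
# NSM host; set NSM_DRY_RUN=1 to print the command instead of applying it.

IPTABLES="${IPTABLES:-iptables}"
NSM_SYSLOG_PORT=5140

# Stand-in for iptables used in dry runs (constructed): reports every rule as
# missing and prints what would be executed instead of changing the firewall.
dry_run_iptables() {
    case "$1" in
        -C) return 1 ;;
        *)  echo "would run: iptables $*" ;;
    esac
}

# Step 1: make sure an INPUT rule accepting UDP/5140 from device $1 exists.
# "iptables -C" only tests for the rule (exit 0 if present), so re-running the
# script never duplicates it.
ensure_syslog_rule() {
    device_ip="$1"
    if "$IPTABLES" -C INPUT -s "$device_ip" -p udp --dport "$NSM_SYSLOG_PORT" -j ACCEPT 2>/dev/null; then
        echo "rule for $device_ip already present"
        return 0
    fi
    "$IPTABLES" -I INPUT -s "$device_ip" -p udp --dport "$NSM_SYSLOG_PORT" -j ACCEPT
}

# Step 2: given "iptables -L INPUT -n" output in $1, exit 0 if an ACCEPT rule
# for UDP dpt:5140 from device $2 is listed. Column layout assumed:
#   target prot opt source destination [extra]
rule_listed() {
    printf '%s\n' "$1" | awk -v ip="$2" -v port="$NSM_SYSLOG_PORT" '
        $1 == "ACCEPT" && $2 == "udp" && $4 == ip && $0 ~ ("dpt:" port "( |$)") { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Usage: NSM_DRY_RUN=1 sh add_rule.sh 192.168.0.1   (omit NSM_DRY_RUN to apply)
if [ "${NSM_DRY_RUN:-0}" = "1" ]; then
    IPTABLES=dry_run_iptables
fi
if [ -n "${1:-}" ]; then
    ensure_syslog_rule "$1"
    "$IPTABLES" -L INPUT -n
fi
```

Inserting with `-I` puts the rule ahead of any existing DROP or REJECT in the INPUT chain, which is usually why the messages were being lost; a rule appended with `-A` after such a catch-all would never match.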

Results

Configuring System Message Logging Using the NSM GUI

Step-by-Step Procedure

To enable data plane logging over UDP on the SRX Series device:

  1. Right-click the device and select Edit as shown in Figure 2.
    Figure 2: SRX Virtual Cluster Edit Option
  2. Select the Configuration tab.
  3. Navigate to the configuration tree and select Security > Log.
  4. Set the Mode to Stream, and enter the Source Address as shown in Figure 3.
    Figure 3: Virtual Chassis Configuration Option
  5. Select Stream under Log in the configuration tree and click + to add a new destination syslog server.
  6. Enter NSM in the Name field, sd-syslog in the Format field, and all in the Category field as shown in Figure 4.
    Figure 4: Virtual Chassis Stream Configuration Option
  7. Select Host > Stream and set the syslog server parameters.

    Use Port 5140 for NSM as shown in Figure 5.

    Figure 5: Virtual Chassis Stream Host Configuration Option
  8. Click OK in each window to return to the NSM Device Manager window.
  9. Right-click the device and select Update Device as shown in Figure 6.

    The device update notification is displayed as shown in Figure 7 and Figure 8.

    Figure 6: SRX Device Update Option
    Figure 7: Device Update Option
    Figure 8: Job Information
  10. Verify that the logs appear in the NSM Log Viewer by selecting Predefined > Traffic Logs.
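The Junos CLI equivalent of the GUI settings above (Mode Stream, Source Address, a stream named NSM with format sd-syslog and category all, host port 5140), which is also what step 7 of the NSM CLI procedure configures under the security hierarchy, as an added shell example that is not part of the Juniper page. The exact set-command forms are an assumption about the Junos security log hierarchy, the function and its IPv4 check are hypothetical helpers, and all addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the Juniper page: the Junos CLI equivalent of the NSM
# GUI settings above (Mode Stream, Source Address, a stream named NSM with
# format sd-syslog and category all, host port 5140), which is also what step 7
# of the NSM CLI procedure configures under the security hierarchy. The exact
# set-command forms are an assumption about the Junos "security log" hierarchy;
# all addresses below are constructed.

# Exit 0 only for a plain dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# Print the set commands that send every log category to NSM at $1, sourced
# from the SRX address $2 that NSM can reach, through a stream named $3
# (default NSM, matching the Name field in the GUI).
srx_stream_log_config() {
    nsm_ip="$1"; source_ip="$2"; stream="${3:-NSM}"
    is_ipv4 "$nsm_ip" && is_ipv4 "$source_ip" || {
        echo "srx_stream_log_config: addresses must be IPv4 dotted quads" >&2
        return 1
    }
    cat <<EOF
set security log mode stream
set security log source-address $source_ip
set security log stream $stream format sd-syslog
set security log stream $stream category all
set security log stream $stream host $nsm_ip
set security log stream $stream host port 5140
EOF
}

# Demo with constructed addresses: NSM at 192.168.0.2, SRX source 192.168.0.1.
srx_stream_log_config 192.168.0.2 192.168.0.1
```

Paste the printed commands into configuration mode on the cluster and commit; because the change was made from the CLI, the configuration then has to be resynchronized in NSM as described under Importing the Existing Configuration File. The source address must be one that both nodes can use so that the active data plane node can always reach NSM.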

Importing the Existing Configuration File

Step-by-Step Procedure

To import the existing configuration file:

  1. Right-click the NSM device and select Config File Management > Import Config File as shown in Figure 9.
    Figure 9: Configuration File Import Option
  2. Select Config File Management > Show Config File Version as shown in Figure 10.
    Figure 10: Configuration File Version
  3. Select the latest configuration file that you imported and click Update.

    NSM is synchronized with the device as shown in Figure 11.

    Figure 11: File Synchronization Status