log (Security)

Syntax

Hierarchy Level

Description

CAUTION:

Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.

Configure security log. Set the mode of logging (event for traditional system logging or stream for streaming security logs through a revenue port to a server). You can also specify all the other parameters for security logging.

Options

`cache`	Cache security log events in the audit log buffer.
`disable`	Disable the security logging for the device.
`escape`	Escapes the stream log forwarding to avoid parsing errors. Stream mode supports escape in `sd-syslog` and `binary` format. Event mode supports escape only in `binary` format.
`time-format`	Specify the year, the millisecond, or both in the timestamp.
`event-rate` `rate`	Limit the rate at which logs are streamed per second. Range: 0 through 1500 Default: 1500
`facility-override`	Alternate facility for logging to remote host.
`file`	Specify the security log file options for logs in binary format. Values: `max-file-number`—Maximum number of binary log files. The range is 2 through 10 and the default value is 10. `file-name`—Name of binary log file. `binary-log-file-path`—Path to binary log files. `maximum-file-size`—Maximum size of binary log file in megabytes. The range is 1 through 10 and the default value is 10.
`format`	Set the security log format for the device.
`max-database-record`	The following are the disk usage range limits for the database: Range: SRX1500, SRX4100, and SRX4200: 0 through 15,000,000 vSRX: 0 through 1,000,000 Default: SRX1500, SRX4100, and SRX4200: 15,000,000 vSRX: 1,000,000 Be sure there is enough free space in `/var/log/hostlogs/`, otherwise logs might be dropped when written into the database.
`mode`	Control how security logs are processed and exported.
`rate-cap` `rate-cap-value`	Work with event mode only. This option limits the rate at which data plane logs are generated per second. Range: 0 through 5000 logs per second Default: 5000 logs per second
`retry-countretry-count`	Specify the maximum number attempts to send accounting message to the RADIUS accounting server in case of a transmission failure.
root-streaming	Allows the user logical systems to generate the logs using the root logical system's stream configuration.
`source-address` `source-address`	Specify a source IP address or IP address used when exporting security logs, which is mandatory to configure `stream host`.
`source-interface` `interface-name`	Specify a source interface name, which is mandatory to configure `stream host`. The `source-address` and `source-interface` are alternate values. Using one of the options is mandatory.
`stream`	Every stream can configure file or host.
`traceoptions`	Specify security log daemon trace options.
`transport`	Set security log transport settings.
`utc-timestamp`	Specify to use UTC time for security log timestamps.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.2.

The [edit logical-systems name security] and [edit tenants tenant-name security] hierarchy levels introduced in Junos OS Release 19.1R1.

escape option added in Junos OS Release 20.2R1.

root-streaming option added in Junos OS Release 20.3R1.

protobuf option is introduced in Junos OS Release 23.2R1.

retry-count option is introduced in Junos OS Release 24.2R1.

ON THIS PAGE