Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


log (Security)


Hierarchy Level


Configure security log. Set the mode of logging (event for traditional system logging or stream for streaming security logs through a revenue port to a server). You can also specify all the other parameters for security logging.



Cache security log events in the audit log buffer.


Disable the security logging for the device.


Escapes the stream log forwarding to avoid parsing errors. Stream mode supports escape in sd-syslog and binary format. Event mode supports escape only in binary format.


Specify the year, the millisecond, or both in the timestamp.

event-rate rate

Limit the rate at which logs are streamed per second.

  • Range: 0 through 1500

  • Default: 1500


Alternate facility for logging to remote host.


Specify the security log file options for logs in binary format.

  • Values:

    • max-file-number—Maximum number of binary log files.

      • The range is 2 through 10 and the default value is 10.

    • file-name—Name of binary log file.

    • binary-log-file-path—Path to binary log files.

    • maximum-file-size—Maximum size of binary log file in megabytes.

      • The range is 1 through 10 and the default value is 10.


Set the security log format for the device.


The following are the disk usage range limits for the database:

  • Range:

    • SRX1500, SRX4100, and SRX4200: 0 through 15,000,000

    • vSRX: 0 through 1,000,000

  • Default:

    • SRX1500, SRX4100, and SRX4200: 15,000,000

    • vSRX: 1,000,000

    Be sure there is enough free space in /var/log/hostlogs/, otherwise logs might be dropped when written into the database.


Control how security logs are processed and exported.

rate-cap rate-cap-value

Work with event mode only. This option limits the rate at which data plane logs are generated per second.

  • Range: 0 through 5000 logs per second

  • Default: 5000 logs per second


Allows the user logical systems to generate the logs using the root logical system's stream configuration.

source-address source-address

Specify a source IP address or IP address used when exporting security logs, which is mandatory to configure stream host.

source-interface interface-name

Specify a source interface name, which is mandatory to configure stream host.

The source-address and source-interface are alternate values. Using one of the options is mandatory.


Every stream can configure file or host.


Specify security log daemon trace options.


Set security log transport settings.


Specify to use UTC time for security log timestamps.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.2.

The [edit logical-systems name security] and [edit tenants tenant-name security] hierarchy levels introduced in Junos OS Release 19.1R1.

escape option added in Junos OS Release 20.2R1.

root-streaming option added in Junos OS Release 20.3R1.

protobuf option is introduced in Junos OS Release 23.2R1.