stream (Security Log)

Syntax

Hierarchy Level

Description

Define the security log steam settings.

Define security log stream options for a logical and tenant system. When the logging mode is set to stream, security logs generated in the data plane are streamed out a revenue traffic port directly to a remote server. All the categories can be configured for sending specific category logs to different log servers for stream mode log forwarding.

Options

stream

Every stream can configure file or host.

Values:
- category— Type of events that may be logged.
  - all— All events are logged
  - content-security — Content security events are logged
  - fw-auth— Fw-auth events are logged.
  - screen— Screen events are logged.
  - alg— Alg events are logged.
  - nat— Nat events are logged.
  - flow— Flow events are logged.
  - sctp— Sctp events are logged.
  - gtp— Gtp events are logged.
  - ipsec— IPsec events are logged.
  - idp— Idp events are logged.
  - rtlog— Rtlog events are logged.
  - pst-ds-lite— Pst-ds-lite events are logged.
  - appqos— Appqos events are logged.
  - secintel— AAMW events are logged.
- file— Security log file options for logs in local file.
  - allow-duplicates— To disable log consolidation.
  - file-name— Name of local log file.
  - file-size— Specify the local log file size in megabytes.
    - Range: 10M through 50M.
  - rotation— Configure the max file number for rotation.
    - Range: 2 through 19.
- filter threat-attack— Selects the filter to filter the threat attack security events to be logged
- format (binary | sd-syslog | syslog)— Specify the log stream format in binary or sd-syslog or syslog formats.
- host ip-address— Destination to send security logs.
  - port— Specify the host port number.
  - routing-instance— Specify the routing instance name.
- radius— Configure RADIUS accounting for security events by specifying the RADIUS accounting server.
  - ipaddr — Specify the IP address of the RADIUS server for accounting messages.
    - primary — IP address of the Primary RADIUS server. Configure the primary IP address to enable radius stream.
    - backup — IP address of the backup RADIUS server.
- rate-limit rate— Specify the rate limit for security logs.
  - The range is 1 through 65535 logs per second and the default value is 65535
- severity— Specify the severity threshold for security logs.
  - alert— Specify the conditions that require immediate attention.
  - critical— Specify the critical conditions.
  - debug— Specify the information normally used in debugging.
  - emergency— Specify the conditions that cause security functions to stop.
  - error— Specify the general error conditions.
  - info— Specify the Information about normal security operations.
  - notice— Specify the non error conditions that are of interest.
  - warning— Specify the general warning conditions.
- source-address— Specify the source address to the stream log.
- time-format (year | millisecond)— Specify the year, the millisecond, or both in the timestamp.
- transport— Set the security log transport settings.
  - protocol (tcp | tls | udp)— Specify the security log transport protocol for the device. Values: tcp, tls, and udp.
  - tcp-connections— Specify the number of tcp connections per stream. Values: 1 through 5.
    
    Note:
    tcp-connections is not supported on logical and tenant systems.
  - tls-profile— Specify the tls profile.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement modified in Junos OS Release 9.2.

The [edit logical-systems name security log] and [edit tenants tenant-name security log] hierarchy levels introduced in Junos OS Release 19.1R1.

time-format, source-address, and transport options are introduced in Junos OS Release 20.2R1.

radius option is introduced in Junos OS Release 24.2R1.

ON THIS PAGE