Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


stream (Security Log)


Hierarchy Level


Define the security log steam settings.



Every stream can configure file or host.

  • Values:

    • category— Type of events that may be logged.

      • all— All events are logged

      • content-security — Content security events are logged

      • fw-auth— Fw-auth events are logged.

      • screen— Screen events are logged.

      • alg— Alg events are logged.

      • nat— Nat events are logged.

      • flow— Flow events are logged.

      • sctp— Sctp events are logged.

      • gtp— Gtp events are logged.

      • ipsec— IPsec events are logged.

      • idp— Idp events are logged.

      • rtlog— Rtlog events are logged.

      • pst-ds-lite— Pst-ds-lite events are logged.

      • appqos— Appqos events are logged.

      • secintel— AAMW events are logged.

    • file— Security log file options for logs in local file.

      • allow-duplicates— To disable log consolidation.

      • file-name— Name of local log file.

      • file-size— Specify the local log file size in megabytes.

        • Range: 10M through 50M.

      • rotation— Configure the max file number for rotation.

        • Range: 2 through 19.

    • filter threat-attack— Selects the filter to filter the threat attack security events to be logged

    • format (binary | sd-syslog | syslog)— Specify the log stream format in binary or sd-syslog or syslog formats.

    • host ip-address— Destination to send security logs.

      • port— Specify the host port number.

      • routing-instance— Specify the routing instance name.

    • rate-limit rate— Specify the rate limit for security logs.

      • The range is 1 through 65535 logs per second and the default value is 65535

    • severity— Specify the severity threshold for security logs.

      • alert— Specify the conditions that require immediate attention.

      • critical— Specify the critical conditions.

      • debug— Specify the information normally used in debugging.

      • emergency— Specify the conditions that cause security functions to stop.

      • error— Specify the general error conditions.

      • info— Specify the Information about normal security operations.

      • notice— Specify the non error conditions that are of interest.

      • warning— Specify the general warning conditions.

    • source-address— Specify the source address to the stream log.

    • time-format (year | millisecond)— Specify the year, the millisecond, or both in the timestamp.

    • transport— Set the security log transport settings.

      • protocol (tcp | tls | udp)— Specify the security log transport protocol for the device. Values: tcp, tls, and udp.

      • tcp-connections— Specify the number of tcp connections per stream. Values: 1 through 5.


        tcp-connections is not supported on logical and tenant systems.

      • tls-profile— Specify the tls profile.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement modified in Junos OS Release 9.2.

The [edit logical-systems name security log] and [edit tenants tenant-name security log] hierarchy levels introduced in Junos OS Release 19.1R1.

time-format, source-address, and transport options are introduced in Junos OS Release 20.2R1.