log (Security)

Syntax

Hierarchy Level

Description

Configure security logging. Set the logging mode (event for traditional system logging, or stream for streaming security logs through a revenue port to a server). You can also specify the other parameters for security logging.

Options

cache

Cache security log events in the audit log buffer.

disable

Disable the security logging for the device.

escape

Escapes the stream log forwarding to avoid parsing errors. Stream mode supports escape in sd-syslog and binary format. Event mode supports escape only in binary format.

time-format

Specify the year, the millisecond, or both in the timestamp.

event-rate rate

Limit the rate at which logs are streamed per second.

  • Range: 0 through 1500

  • Default: 1500

facility-override

Alternate facility for logging to remote host.

file

Specify the security log file options for logs in binary format.

  • Values:

    • max-file-number—Maximum number of binary log files.

      • The range is 2 through 10 and the default value is 10.

    • file-name—Name of binary log file.

    • binary-log-file-path—Path to binary log files.

    • maximum-file-size—Maximum size of binary log file in megabytes.

      • The range is 1 through 10 and the default value is 10.

format

Set the security log format for the device.

max-database-record

The following are the disk usage range limits for the database:

  • Range:

    • SRX1500, SRX4100, and SRX4200: 0 through 15,000,000

    • vSRX: 0 through 1,000,000

  • Default:

    • SRX1500, SRX4100, and SRX4200: 15,000,000

    • vSRX: 1,000,000

    Be sure there is enough free space in /var/log/hostlogs/. Otherwise, logs might be dropped when they are written into the database.

mode

Control how security logs are processed and exported.

rate-cap rate-cap-value

Works in event mode only. This option limits the rate at which data plane logs are generated per second.

  • Range: 0 through 5000 logs per second

  • Default: 5000 logs per second

root-streaming

Allow user logical systems to generate logs using the root logical system's stream configuration.

source-address source-address

Specify the source IP address used when exporting security logs. This is mandatory when you configure a stream host.

source-interface interface-name

Specify a source interface name. This is mandatory when you configure a stream host.

The source-address and source-interface options are alternatives. Using one of them is mandatory.

stream

Each stream can be configured with a file or a host.

traceoptions

Specify security log daemon trace options.

transport

Set security log transport settings.

utc-timestamp

Use UTC time for security log timestamps.

The remaining statements are explained separately. See CLI Explorer.
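The constraints listed above (the event-rate and rate-cap ranges, rate-cap applying to event mode only, and a source address or source interface being mandatory for a stream host) can be checked against an exported configuration. The following is an added example, not Juniper code: it assumes the configuration is in set format, and the function name, the stream name siem, and the addresses are constructed for illustration.

```python
# Added example: audit "set security log ..." lines against limits stated on this page.
LIMITS = {"event-rate": 1500, "rate-cap": 5000}  # both ranges start at 0

def lint_security_log(config_text):
    """Return a list of findings (strings) for one device's set-format configuration."""
    mode, has_source, disabled = None, False, False
    stream_hosts, rates = [], {}
    for line in config_text.splitlines():
        words = line.split()
        if words[:3] != ["set", "security", "log"] or len(words) < 4:
            continue
        key, rest = words[3], words[4:]
        if key == "disable":
            disabled = True
        elif key == "mode" and rest:
            mode = rest[0]
        elif key in ("source-address", "source-interface") and rest:
            has_source = True
        elif key == "stream" and len(rest) >= 3 and rest[1] == "host":
            stream_hosts.append(rest[0])  # rest[0] is the stream name
        elif key in LIMITS and rest:
            rates[key] = rest[0]

    findings = []
    if disabled:
        findings.append("security logging is disabled")
    for key, value in rates.items():
        if not value.isdecimal() or int(value) > LIMITS[key]:
            findings.append(f"{key} {value} is outside 0 through {LIMITS[key]}")
    # rate-cap applies to event mode only; only the modes named on this page are judged.
    if "rate-cap" in rates and mode == "stream":
        findings.append("rate-cap is set but mode is stream")
    if not has_source:
        for name in stream_hosts:
            findings.append(f"stream {name} has a host but no source-address or source-interface")
    return findings

# Constructed sample configurations (192.0.2.0/24 is a documentation address range).
BAD = """\
set security log mode stream
set security log event-rate 2000
set security log rate-cap 100
set security log stream siem host 192.0.2.10
"""
GOOD = """\
set security log mode stream
set security log source-address 192.0.2.1
set security log event-rate 1000
set security log stream siem host 192.0.2.10
"""

if __name__ == "__main__":
    for finding in lint_security_log(BAD):
        print("FINDING:", finding)
```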

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.2.

The [edit logical-systems name security] and [edit tenants tenant-name security] hierarchy levels introduced in Junos OS Release 19.1R1.

escape option added in Junos OS Release 20.2R1.

root-streaming option added in Junos OS Release 20.3R1.

protobuf option introduced in Junos OS Release 23.2R1.