Syntax
stream stream-name {
category (all | content-security | fw-auth | screen | alg | nat | flow | sctp | gtp | ipsec | idp | rtlog |pst-ds-lite | appqos |secintel |aamw);
file {
allow-duplicates;
name file-name;
size maximum-file-size;
rotation maximum-file-rotation-number;
filter {
threat-attack;
}
format (binary | sd-syslog | syslog | welf);
host {
ip-address;
port port-number;
routing-instanceinstance-name;
}
rate-limit {
log-rate;
}
severity (alert | critical | debug | emergency | error | info | notice | warning);
source-address {
ip-address;
}
time-format (year | millisecond);
transport {
protocol (tcp | tls | udp);
tcp-connections tcp-connections;
tls-profile tls-profile;
}
}
Hierarchy Level
[edit security log]
[edit logical-systems name security log]
[edit tenants tenant-name security log]
Description
Define the security log steam settings.
Options
stream |
Every stream can configure file or host.
Values:
category— Type of events that may be logged.
all— All events are logged
content-security — Content security events are logged
fw-auth— Fw-auth events are logged.
screen— Screen events are logged.
alg— Alg events are logged.
nat— Nat events are logged.
flow— Flow events are logged.
sctp— Sctp events are logged.
gtp— Gtp events are logged.
ipsec— IPsec events are logged.
idp— Idp events are logged.
rtlog— Rtlog events are logged.
pst-ds-lite— Pst-ds-lite events are logged.
appqos— Appqos events are logged.
secintel— AAMW events are logged.
file— Security log file options for logs in local file.
allow-duplicates— To disable log consolidation.
file-name— Name of local log file.
file-size— Specify the local log file size in megabytes.
rotation— Configure the max file number for rotation.
filter threat-attack— Selects the filter to filter the threat attack security events to be logged
format (binary | sd-syslog | syslog)— Specify the log stream format in binary or sd-syslog or syslog formats.
host ip-address— Destination to send security logs.
rate-limit rate— Specify the rate limit for security logs.
severity— Specify the severity threshold for security logs.
alert— Specify the conditions that require immediate attention.
critical— Specify the critical conditions.
debug— Specify the information normally used in debugging.
emergency— Specify the conditions that cause security functions to stop.
error— Specify the general error conditions.
info— Specify the Information about normal security operations.
notice— Specify the non error conditions that are of interest.
warning— Specify the general warning conditions.
source-address— Specify the source address to the stream log.
time-format (year | millisecond)— Specify the year, the millisecond, or both in the timestamp.
transport— Set the security log transport settings.
protocol (tcp | tls | udp)— Specify the security log transport protocol for the device. Values: tcp, tls, and udp.
tcp-connections— Specify the number of tcp connections per stream. Values: 1 through 5.
Note: tcp-connections is not supported on logical and tenant systems.
tls-profile— Specify the tls profile.
|
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement modified in Junos OS Release 9.2.
The [edit logical-systems name security log] and [edit tenants tenant-name security log] hierarchy levels introduced in Junos OS Release 19.1R1.
time-format, source-address, and transport options are introduced in Junos OS Release 20.2R1.
