Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configure Security Logs

After the device is discovered by the Juniper Security Director Cloud, the device is automatically configured to stream the security logs to Juniper Security Director Cloud.

Note:

For devices in a multinode high availability (MNHA) pair, the security logs are streamed for individual device in the pair.

By default, Juniper Security Director Cloud configures the security logs for the devices. The security logs are not configured for the following conditions:

  • Device is using a management interface fxp0 as the source interface. Only the revenue ports are allowed for source interface configuration of security logging.

  • If your devices are standalone, in clusters, or in an MNHA pair, and use a custom routing instance, you must run the following CLI commands to receive logs streams on Juniper Security Director Cloud:

    • Standalone devices: set security log stream sd-cloud-logs host routing-instance <custom routing-instance>

    • Device clusters:

      • set groups node0 security log stream sd-cloud-logs host routing-instance <custom routing-instance>

      • set groups node1 security log stream sd-cloud-logs host routing-instance <custom routing-instance>

    • For each device in an MNHA pair: set security log stream sd-cloud-logs host routing-instance <custom routing-instance>

    For more information on adding devices to Juniper Security Director Cloud, see Add Devices.

  • During device discovery, if the CA certificate or the local certificate deploy fails, then it will result in non-configuration of security logs.

  1. Select SRX > Device Management > Devices.

    The Devices page opens.

  2. Click Security Logs Configuration.
    The Security Logs Configuration page opens displaying all the devices.
  3. Select the device or device cluster to configure security logging, and click on the top-right of the page.
  4. Enable Security Log Status for the device or device cluster.
  5. Select the source interface from the drop-down list, and click .
    A message appears asking you to confirm security logging configuration for the rest of the devices.
  6. Click one of the following options:

    • Yes to go ahead with the process.

    • No to stop the process and configure security logging for other devices or device clusters of your choice.

If you click Yes, the job is created to push the syslog configuration to the device or device cluster. When the job completes, security logging is configured for the device or device cluster.

Related Documentation