Security logging is disabled

If you configure logging on SRX as below

and issue the command

Don’t panic! this command doesn’t tell you that your data plane logging is disabled or not. This is actually a different thing. For example once you enable the log cache via the command
set security log cache” and commit, “show security log” will show you something about audit log but not policy logging.

I just wanted to share this as it seems there is a confusion about the output of this command.

4 thoughts on “Security logging is disabled

  1. Tom

    Maybe it is not relevant for classic “Control plane” logging but it MUST be activated for “Data plane” logging. It helped me at least.

    Differences between both logging methosts:
    http://kb.juniper.net/InfoCenter/index?page=content&id=KB16224

    My setup for Data plane logging:
    before (not working):
    show configuration | display set | match “security log”
    set security log mode stream
    set security log format sd-syslog
    set security log source-address 10.1.1.1
    set security log stream securitylog_10.1.1.10 severity info
    set security log stream securitylog_10.1.1.10 format syslog
    set security log stream securitylog_10.1.1.10 category all
    set security log stream securitylog_10.1.1.10 host 10.1.1.10
    set security log stream securitylog_10.1.1.10 host port 514
    deactivate security log

    Then commiting: activate security log

    After commit (working, sending logs):
    show configuration | display set | match “security log”
    set security log mode stream
    set security log format sd-syslog
    set security log source-address 10.1.1.1
    set security log stream securitylog_10.1.1.10 severity info
    set security log stream securitylog_10.1.1.10 format syslog
    set security log stream securitylog_10.1.1.10 category all
    set security log stream securitylog_10.1.1.10 host 10.1.1.10
    set security log stream securitylog_10.1.1.10 host port 514

    ..and it is now sending logs. (Of course do not forget to enable logging on policy 🙂 )

    Tom

    Reply

You have a feedback?