SRX standard and structured syslogging

SRX can send logs in two formats: standard and structured. If you haven't made any extra config, what you see in the traffic logs is usually the standard one. However, the structured one is easier to read and parse: each field is written as field_name=field_value, so you can parse it, or just read it, more easily.

But you don't get this by default. I have put together a sample config which can help you log syslog in structured format.
Apparently sd-syslog isn't sufficient alone; stream is also needed.
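To show why the structured form is the easier one to work with, here is an added example (not part of the original post, and not Juniper's code) that parses one sd-syslog line into a field dictionary and runs a simple check on it. The sample line is constructed to follow the sd-syslog layout (RFC 5424 header plus a junos@2636... structured-data block) rather than taken from a real device, and the field names are the usual RT_FLOW ones assumed for illustration.

```python
import re
from typing import Dict, Optional

# Constructed sample of an SRX structured (sd-syslog) message; not a real
# capture. Structured mode emits RFC 5424 syslog whose structured-data block
# carries the event fields as key="value" pairs under Juniper enterprise id 2636.
SAMPLE_LINE = (
    '<14>1 2024-05-01T10:15:30.123Z srx-fw RT_FLOW - RT_FLOW_SESSION_DENY '
    '[junos@2636.1.1.1.2.129 source-address="203.0.113.5" source-port="51234" '
    'destination-address="192.0.2.10" destination-port="3389" protocol-id="6" '
    'policy-name="default-deny" source-zone-name="untrust" '
    'destination-zone-name="trust" reason="policy deny"]'
)

# RFC 5424 header up to the message id, then the bracketed structured-data block.
_HEADER = re.compile(
    r'^<(?P<pri>\d+)>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) \S+ (?P<msgid>\S+) '
    r'\[(?P<sdid>[^\s\]]+)(?P<params>[^\]]*)\]'
)
# One key="value" pair; values may contain spaces and backslash-escaped quotes.
_PARAM = re.compile(r'(?P<key>[\w.-]+)="(?P<val>(?:[^"\\]|\\.)*)"')


def parse_structured(line: str) -> Optional[Dict[str, str]]:
    """Return the event fields of one sd-syslog line, or None when the line
    is not in structured form (for example a standard free-text RT_FLOW line)."""
    m = _HEADER.match(line)
    if not m:
        return None
    fields = {"host": m.group("host"), "event": m.group("msgid")}
    for p in _PARAM.finditer(m.group("params")):
        fields[p.group("key")] = p.group("val").replace('\\"', '"')
    return fields


def is_denied_admin_access(fields: Dict[str, str]) -> bool:
    """Example detection on parsed fields: a denied session to SSH or RDP."""
    return (fields.get("event") == "RT_FLOW_SESSION_DENY"
            and fields.get("destination-port") in {"22", "3389"})


if __name__ == "__main__":
    ev = parse_structured(SAMPLE_LINE)
    print(ev)
    print("alert" if ev and is_denied_admin_access(ev) else "ok")
```

With the standard format the same information is buried in free text, so the equivalent check needs a per-message regex instead of a dictionary lookup.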

One thought on “SRX standard and structured syslogging”

  1. rk8

    Indeed – srx log format can also be defined differently per each stream. On the other hand I would advise not to use another possibility – binary format (I used it on srx high end devices for sending logs to qradar, but since it has slightly changed after srx upgrade to latest jtac recommended version it gave me a lot of headaches and I switched back to plain old syslog…)

    Thanks Rok

