jeudi 12 janvier 2012

Juniper: SRX / J-Serie: Configure syslog to enable web policy log

JUNOS J-Web Policy Log display
So, you've just intalled a new srx in place of your netscreen, so you go through Config / Security /Policy FW and add a new policy, you tick the check-box logging seesiion-init and session-close.
You start some traffic that match the policy, go again on j-web to view the policy logs....and found nothing ! Why ????
This is because you first need to configure the syslog in a special way so the j-web can display the logs.
As you know, or not, all components of junos config works internaly with XML. So you need to create an xml syslog file.
Two way to do so:
- directly with the jweb,
- manually with cli.

CLI Method
under cli, in configuration mode you have to configure this:
[edit system syslog]
root@gwoob#
file policy_session {
    user info;
    match RT_FLOW;
    archive size 1000k world-readable;
    structured-data;
}

by entering the command:
set system syslog file policy_session user info
set system syslog file policy_session match RT_FLOW
set system syslog file policy_session archive size 1000k
set system syslog file policy_session archive world-readable
set system syslog file policy_session structured-data

J-Web Method
If you have no log under Monitor / Event and Alarms / Security Event
You have to click on the button: Create log configuration in the middle panel. Same path ( Monitor / Event and Alarms / Security Event ).

Now you will be able to see the policy log's.

Phil.