11.2.8.3. Debug log settings for individual functions

Operation Confirmed Version:
 vSRX Version 15.1X49-D105.1

Log setting for the security function

Log setting

The log setting procedure for the security function is described below:

Assumed scenario for the sample configuration

  • To specify a log option for each policy

  • To change from the default stream mode to the event mode (to view as a local log)

Command to be entered with CLI

user01@vSRX-01# set security policies from-zone trust to-zone "zone name" policy "policy name" then log "traffic type such as init"
user01@vSRX-01# set security log mode event

Note

Log amount restriction

For the security log, a rate limit can be set for each mode. The default is the maximum value. The procedure for changing it is described below:

Assumed scenario for the sample configuration

  • To change the rate limit of each mode

Command to be entered with CLI

  • stream mode
user01@vSRX-01# set security log stream "stream name" rate-limit value (1..65535)

Note

For details, refer to the Juniper Networks official website <https://www.juniper.net/documentation/en_US/junos/topics/concept/security-system-log-message-overview.html>.

  • event mode

Command to be entered with CLI

user01@vSRX-01# set security log event-rate value (0..1500)

The amount of logs that can be transferred to the outside can also be restricted through the security log settings. The default is the maximum value. This function is effective only in the event mode. The procedure for changing it is described below:

Command to be entered with CLI

user01@vSRX-01# set security log rate-cap value (0..5000)

Handling excess logs beyond the log amount restriction

  • Log forwarding in the stream mode

    • When the log amount to be forwarded exceeds the rate limit, the excess log is discarded.

  • Writing logs into vSRX in the event mode

    • When the log amount to be written exceeds the rate limit, the excess log is discarded.

  • Log forwarding in the event mode

    • There is no distinct rate limit. The amount of logs that can be forwarded depends on the load and the available resources. Excess logs are discarded.

Note

As described above, in all of these cases logs beyond the processing capacity are discarded.
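
Because excess logs are discarded silently, it helps to check a configuration against the points above before relying on it for audit or incident response. The following is an added example, not part of the original page or of Juniper's tooling: it reads "display set" style lines and reports policies without a log option, rate values outside the ranges given on this page, and a rate-cap configured while the mode is not event. The policy names, the stream name siem-01 and the sample lines are constructed for illustration.

```python
import re

# Value ranges as given on this page (vSRX 15.1X49-D105.1).
RANGES = {"rate-limit": (1, 65535), "event-rate": (0, 1500), "rate-cap": (0, 5000)}
POLICY = re.compile(r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (.*)$")
RATE = re.compile(r"^set security log (?:stream \S+ )?(rate-limit|event-rate|rate-cap) (\d+)$")

# Constructed sample input; names and values are hypothetical.
SAMPLE = """\
set security policies from-zone trust to-zone untrust policy allow-web match application junos-http
set security policies from-zone trust to-zone untrust policy allow-web then permit
set security policies from-zone trust to-zone untrust policy allow-web then log session-init
set security policies from-zone trust to-zone untrust policy allow-dns then permit
set security log stream siem-01 rate-limit 70000
set security log event-rate 1000
set security log rate-cap 2000
"""

def audit_log_config(config):
    """Return a list of findings for a block of 'set ...' lines."""
    findings, policies, logged = [], set(), set()
    mode, rate_cap_seen = "stream", False   # the page states stream is the default mode
    for line in (l.strip() for l in config.splitlines()):
        if m := POLICY.match(line):
            policies.add(m.groups()[:3])
            if m.group(4).startswith("then log "):
                logged.add(m.groups()[:3])
        elif m := RATE.match(line):
            key, value = m.group(1), int(m.group(2))
            lo, hi = RANGES[key]
            if not lo <= value <= hi:
                findings.append(f"{key} {value} outside {lo}..{hi}")
            rate_cap_seen |= key == "rate-cap"
        elif line.startswith("set security log mode "):
            mode = line.split()[-1]
    # A policy that never logs leaves no record of the sessions it handles.
    for p in sorted(policies - logged):
        findings.append(f"policy {p[2]} ({p[0]} -> {p[1]}) has no 'then log'")
    # The page states rate-cap is effective only in the event mode.
    if rate_cap_seen and mode != "event":
        findings.append("rate-cap set but mode is not event, so it has no effect")
    return findings

if __name__ == "__main__":
    for finding in audit_log_config(SAMPLE):
        print(finding)
```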

Log settings for other functions

Log setting using traceoption

For some other functions, traceoption settings may be used. Traceoptions make it possible to acquire debug-level logs, which is useful for troubleshooting, for example.

Note

For details, refer to the Juniper Networks official website <https://kb.juniper.net/InfoCenter/index?page=content&id=KB16108&actp=METADATA>.