Device Settings for Logging

In document Junos Space Security Director (Page 35-42)

In the File Name field, enter a filename for the log data file.

In the File Path field, enter the path where the log file is saved.

In the File Size field, enter the maximum size of the log file in megabytes.

In the Max No. Of files field, enter the maximum number of log files to create for each session.

6. Expand the Cache section, and configure the following parameters:

In the Limit field, enter the maximum number of log entries to store in the cache memory. The default value is 10,000 entries.

7. To restrict the device from logging certain configurations, you can create different exclude configurations.

To create a new exclude configuration:

Under the Exclude section, click the plus sign (+).

The Exclude Configuration page appears, as shown in Figure 5 on page 26.

Figure 5: Security Logging–Exclude Configuration Page

In the Name field, enter the name of a new exclude configuration.

Under the Destination section, in the IP Address field, enter the destination IP address in IPv4 or IPv6 address format. The audit log does not include security alarms from the specified destination IP address.

In the Port field, enter the destination IP address port.

Under the Source section, in the IP Address field, enter the source IP address in IPv4 or IPv6 address format. The audit log does not include security alarms from the specified source IP address.

In the Port field, enter the source IP address port.

Under the Other Filters section, configure the following parameters:

In the Event Id field, enter the event ID of the security event. The audit log does not include security alarms for this event ID.

To restrict the logging of failed events, select the Failure check box.

In the Interface field, enter the name of the interface. The audit log does not include security alarms from the specified interface.

In the Policy Name field, enter the policy name.

In the Process field, specify the name of the process that is generating the events.

In the Protocol field, enter the protocol name.

To restrict the logging of successful events, select the Success check box.

In the User Name field, enter the name of the authenticated user. Security events that are enabled by this user are not generated in the audit log.

To create a new exclude configuration, click Ok.

8. To create a new security log, click Ok.
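Each exclude configuration removes matching events from the audit log, so it is worth reviewing what a given set of entries hides. The following added example (not part of the original document or of Security Director) models the fields of the Exclude Configuration page and reports which constructed events each entry would suppress. It assumes that all criteria set in one entry must match together, that IP addresses are compared after parsing, and that the dictionary layout and field keys are this example's own.

```python
import ipaddress

# Keys follow the Exclude Configuration page fields; the dict layout is this
# example's own and is not a Security Director export format.
FIELDS = ("dst_ip", "dst_port", "src_ip", "src_port", "event_id",
          "interface", "policy_name", "process", "protocol", "user_name")

# Constructed sample data.
EXCLUDES = [
    {"name": "noisy-probe", "src_ip": "2001:db8::10", "dst_port": 443, "protocol": "tcp"},
    {"name": "hide-failures", "failure": True},
]
EVENTS = [
    {"id": 1, "src_ip": "2001:0db8:0:0:0:0:0:10", "dst_port": 443,
     "protocol": "TCP", "outcome": "success"},
    {"id": 2, "src_ip": "198.51.100.7", "dst_port": 22, "protocol": "tcp",
     "outcome": "failure", "user_name": "admin"},
    {"id": 3, "src_ip": "198.51.100.7", "dst_port": 443, "protocol": "tcp",
     "outcome": "success"},
]

def _same(field, want, got):
    """Compare one field; IP fields are compared as parsed addresses."""
    if got is None:
        return False
    if field.endswith("_ip"):
        return ipaddress.ip_address(want) == ipaddress.ip_address(got)
    return str(want).lower() == str(got).lower()

def is_excluded(event, exclude):
    """True if the event matches every criterion set in the entry (assumed AND)."""
    for field in FIELDS:
        if field in exclude and not _same(field, exclude[field], event.get(field)):
            return False
    # Success / Failure check boxes: the event outcome must be one of those ticked.
    outcomes = {o for o in ("success", "failure") if exclude.get(o)}
    return not outcomes or event.get("outcome") in outcomes

def audit(excludes, events, min_criteria=2):
    """Return (names of entries with few criteria, suppressed event ids per entry)."""
    broad, hidden = [], {}
    for ex in excludes:
        criteria = [k for k in ex if k != "name" and ex[k]]
        if len(criteria) < min_criteria:
            broad.append(ex["name"])
        hidden[ex["name"]] = [e["id"] for e in events if is_excluded(e, ex)]
    return broad, hidden
```

With the constructed data, the entry that sets only the Failure check box is flagged as broad and hides the failed event for user admin, while the three-field entry hides only the one matching connection.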

1. Under the Security section, click Syslog.

The Modify Syslog page appears, as shown in Figure 6 on page 27.

Figure 6: Device Configuration–Modify Syslog Page

Chapter 5: Device Settings for Logging

To include additional information in the system log timestamp, select the Time-format check box.

In the Source Address field, specify the source address for log messages.

In the Log-Rotate-Frequency field, specify the interval for checking log file size and archiving messages.

NOTE: The Log-Rotate-Frequency field is applicable only when the configuration is for a file.

To allow repeated messages in the system log output files, select the Allow-duplicates check box.

3. You can send system logging information to one or more destinations. To send a security log to a remote server:

Under the Host section, configure the following parameters:

To create a new host, click the plus sign (+).

The Host Configuration page appears, as shown in Figure 7 on page 28.

Figure 7: Modify Syslog–Host Configuration Page

From the Host Name list, select the host name to notify.

Under the Contents section, to configure the logging of system messages to the system console:

Click the plus sign (+); the Contents page appears.

To specify the class of messages to log, from the Facility list, select the message class.

From the Severity list, select the message severity. Messages with severities of the specified level and higher are logged.

To configure the Contents section, click Ok.

To allow repeated messages in the system log output files, select the Allow-duplicates check box.

To include the priority and facility in messages, select the Explicit priority check box.

To select an alternate facility to substitute for the default facilities, from the Facility override list, select the alternate facility.

In the Log prefix field, specify a text string to include in each message directed to a remote destination.

In the Match field, specify a text string that must appear in a message for the message to be logged to a destination.

In the Port field, enter the port number.

In the Source Address field, specify the source address for log messages.

To write system log messages to the log file in structured-data format, select the Structured data check box.

To create a new host configuration, click Ok.

4. To send a security log to a file:

Under the File section, configure the following parameters:

To create a new file to log the system messages, click the plus sign (+).

The File Configuration page appears, as shown in Figure 8 on page 30.

Figure 8: Modify Syslog–File Configuration Page

In the File Name field, enter the name of the file in which to log the data.

Under the Content section, configure the following parameters:

Click the plus sign (+); the Contents page appears.

To specify the class of messages to log, from the Facility list, select the message class.

From the Severity list, select the message severity. Messages with severities of the specified level and higher are logged.

To configure the Contents section, click Ok.

To include the priority and facility in messages, select the Explicit priority check box.

In the Match field, specify a text string that must appear in a message for the message to be logged to a destination.

To write system log messages to the log file in structured-data format, select the Structured data check box.

To create a new file configuration, click Ok.

5. To configure the logging of system messages to user terminals:

Under the User section, configure the following parameters:

To configure a new user, click the plus sign (+).

The User Configuration page appears, as shown in Figure 9 on page 31.

Figure 9: Modify Syslog–User Configuration Page

In the User Name field, enter the name of the user to notify.

Under the Content section, configure the following parameters:

Click the plus sign (+); the Contents page appears.

To specify the class of messages to log, from the Facility list, select the message class.

From the Severity list, select the message severity. Messages with severities of the specified level and higher are logged.

To configure the Contents section, click Ok.

To allow repeated messages in the system log output files, select the Allow-duplicates check box.

In the Match field, specify a text string that must appear in a message for the message to be logged to a destination.

To create a new user, click Ok.

6. To configure the system to send syslog, click Ok.

For more information about enabling logging on branch SRX Series devices, see Enable Logging on Branch SRX Series Devices.
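The Facility, Severity and Match fields together decide which messages reach a host, file or user destination. The following added example (not part of the original document) decodes the priority value carried by a message when Explicit priority is in use and applies a destination's Contents rows and Match value to constructed sample lines. It assumes RFC 5424 facility and severity numbering and treats Match as a regular expression, which also covers a plain text string.

```python
import re

SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]            # codes 0..7
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
               "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
               "alert", "clock"] + [f"local{i}" for i in range(8)])  # codes 0..23
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

# Constructed sample messages.
SAMPLE = [
    "<34>sshd[411]: Failed password for admin from 198.51.100.7",   # auth.critical
    "<38>sshd[411]: Accepted publickey for ops from 198.51.100.9",  # auth.info
    "<27>rpd[90]: task timeout",                                    # daemon.error
]

def decode(line):
    """Split '<PRI>text' into (facility, severity, text); PRI = facility*8 + severity."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    fac, sev = divmod(int(m.group(1)), 8)
    return FACILITIES[fac], SEVERITIES[sev], m.group(2)

def passes(line, contents, match=None):
    """True if a destination with these Contents rows and Match value logs the line.

    contents: list of (facility, severity) rows; facility 'any' matches all.
    'Specified level and higher' means a numerically lower or equal severity code.
    """
    fac, sev, text = decode(line)
    wanted = any(
        f in ("any", fac) and SEVERITIES.index(sev) <= SEVERITIES.index(threshold)
        for f, threshold in contents
    )
    return wanted and (match is None or re.search(match, text) is not None)

def forwarded(lines, contents, match=None):
    """Return the subset of lines the destination would log."""
    return [ln for ln in lines if passes(ln, contents, match)]
```

With Contents rows of auth at notice and daemon at error, the successful login at severity info is not logged; a destination meant to record successful authentications needs its severity set to info.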

Related Documentation

Log Director Overview on page 19

Understanding Role-Based Access Control on page 4
