Firewall/policy logs to syslog

Occasional Contributor

Firewall/policy logs to syslog

Is there any way for an SA to send policy permits and denies to syslog? The SRX sends out all sorts of detailed logs, but it seems like the SA doesn't send a thing? It makes things really hard to troubleshoot when I can't see the SA blocking traffic.

Frequent Contributor

Re: Firewall/policy logs to syslog

Events are logged locally and can be sent to one or many syslog servers. Navigate to System > Log/Monitoring > (Events or User Access or Admin Access) > Settings to configure your syslog servers and what you want to log.

I'm going to make the assumption that you're referring to VPN tunneling clients like Network Connect and Pulse when you say "policy permits and allows". I've troubleshot ACLs on Cisco gear in the past and I don't think that you're going to find an analogous packet drop list on the IVE or MAGs.

If you're allowing or blocking network ports and subnets that a user can reach with the VPN tunneling clients based on Host Checker policies, I'd suggest using the User Access logs to see what roles and thus what policies are being assigned to a user once they're logged in. If your configuration is such that you have many VPN tunneling access policies assigned to a small number of roles, it may be easier to collect a policy trace for a user's session instead.

Does this help?