Juniper SRX Configuration

Juniper SRX devices should send logs in RFC5424 structured format (key‑value pairs) rather than legacy RFC3164. The SRX sd-syslog format is recommended.

Prerequisites

  • Confirm syslog listener ports on the LogZilla server (see Syslog Settings).
  • Choose a stable source IP/interface on the SRX for logging.
  • Ensure network policy allows the SRX to reach LogZilla on the selected syslog port.

Configure SRX security logging (structured syslog)

Enter configuration mode and apply settings similar to the following. Replace the sample addresses with the correct SRX source and LogZilla destination.

edit
set security log mode stream
set security log format sd-syslog
set security log source-address 1.1.1.1
set security log stream logzilla host 10.1.1.2
show | compare
commit check
commit

Notes:

  • format sd-syslog enables RFC5424 structured data.
  • source-address is the SRX interface address used as the syslog source.
  • The stream logzilla host command sets the LogZilla destination address.

Verification

  1. Generate traffic or events that produce logs on the SRX.
  2. In LogZilla, search by host or program to confirm reception. For example:
    • host:"1.1.1.1" (the configured SRX source address)
    • Text from expected messages
  3. For packet‑level checks and capture examples, see Syslog Troubleshooting.
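
To confirm that a captured line really is RFC 5424 with structured data rather than legacy RFC 3164, the following added example (not part of the LogZilla or Juniper documentation) parses the header and the key-value pairs. The sample lines, the SD-ID value, and the function names are constructed for illustration.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD and MSG
HEADER = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$", re.S)
# One SD-PARAM: name="value"; inside the value ", \ and ] are backslash-escaped
PARAM = re.compile(r'([^\s=\]"]+)="((?:\\.|[^"\\])*)"')

# Constructed sample lines (documentation address ranges, hypothetical host and policy)
STRUCTURED = ('<14>1 2024-01-15T10:20:30.123Z srx-lab RT_FLOW - RT_FLOW_SESSION_CREATE '
              '[junos@2636.1.1.1.2.129 source-address="192.0.2.10" '
              'destination-address="198.51.100.20" destination-port="443" '
              'policy-name="allow-web [dmz\\]"]')
LEGACY = '<14>Jan 15 10:20:30 srx-lab RT_FLOW: RT_FLOW_SESSION_CREATE: session created'

def parse_sd(rest):
    """Return ({sd_id: {param: value}}, trailing MSG) for the STRUCTURED-DATA field."""
    if rest.startswith("-"):                 # NILVALUE: no structured data present
        return {}, rest[1:].lstrip()
    elements, i = {}, 0
    while i < len(rest) and rest[i] == "[":
        j, in_quotes = i + 1, False
        while j < len(rest):                 # find the closing ] outside quoted values
            c = rest[j]
            if c == "\\" and in_quotes:      # skip the escaped character
                j += 2
                continue
            if c == '"':
                in_quotes = not in_quotes
            elif c == "]" and not in_quotes:
                break
            j += 1
        if j >= len(rest):
            raise ValueError("unterminated SD-ELEMENT")
        sd_id, _, params = rest[i + 1:j].partition(" ")
        elements[sd_id] = {k: re.sub(r'\\(["\\\]])', r"\1", v)
                           for k, v in PARAM.findall(params)}
        i = j + 1
    return elements, rest[i:].lstrip()

def classify(line):
    """Report whether a line is RFC 5424 and, if so, its decoded fields."""
    m = HEADER.match(line)
    if not m:                                # no version field, e.g. legacy RFC 3164
        return {"format": "not-rfc5424"}
    pri, _ts, host, app, _procid, msgid, rest = m.groups()
    sd, msg = parse_sd(rest)
    return {"format": "rfc5424", "facility": int(pri) // 8, "severity": int(pri) % 8,
            "host": host, "app": app, "msgid": msgid, "sd": sd, "msg": msg}
```

A line that comes back as `not-rfc5424`, or as `rfc5424` with an empty `sd`, indicates the SRX is not sending sd-syslog on that stream.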

Juniper appstore rule (optional)

The Juniper appstore rule improves readability and adds user tags for key fields. Install from the Settings → App store page.
