Hello ,
Is there any command to check the bandwidth of traffic passing through the srx 650 for inspection of throughput ?
Please HELP
Regards,
the code you are telling me to replace with is having [edit] and root#
and you know that any small error can mess things up
i mean this is the gateway to my whole infrastructure here.
Will be great to only post EXACTLY what needs to be replaced without any error or unwanted character
Thanks
Yes will mark as solution but so far you keep pasting commands and stuffs and am getting confused even more. I posted my own code easy and clear.
#1. Also will my router need a restart?
#2. Will all current lease be lost?
Again thanks; really appreciate your help
Hello,
'monitor interface traffic' will give you pps for all the interfaces.
Regards,
Rushi
It works. I'm just tracking down some OSPF issues so all the routes get advertised correctly and then I'll post the config.
Wow indeed...
SRX5400 in HA cluster at 15.1X49-D50.3
Above procedure from unktone made one of my tunnels finally work!
Yes, these are false positives, and the Juniper TAC/Engineering team is aware of this and work is in progress. Until we get a fix you may suppress these logs as in KB9382
Hi All,
May I know whether we need to do some special config so that the SIEM can receive logs from the SRX using stream mode? Or does the SIEM need a special setting so that it can receive the log stream from the SRX? I'm using the URL below. Reachability is no issue and I'm using the reth interface as management.
http://91sec.blogspot.my/2015/10/juniper-srx-logging-configuration.html
Appreciate someone help.
Hi,
Please share your configuration from the SRX.
Regards,
Sahil Sharma
---------------------------------------------------
Please mark my solution as accepted if it helped, Kudos are appreciated as well.
Hi sahilsha
Below is the config. FYI, there is no reachability issue from the SRX to the SIEM. Previously the mode was "event", but due to high CPU on the SRX I changed to stream mode. After I changed to stream mode the SIEM did not receive logs from the SRX. But with Junos Space Log Collector there is no issue. So I'm not sure whether the SIEM needs some changes as well due to stream mode. I'd appreciate someone's advice.
{primary:node0}
test@srx5800> show configuration security log
mode stream;
inactive: event-rate 1000;
format sd-syslog;
source-address 10.70.50.18;
stream TO-SIEM {
    format sd-syslog;
    category all;
    host {
        10.60.30.50;
    }
}
stream TO-LOG-COLLECTOR {
    format sd-syslog;
    category all;
    host {
        10.60.30.51;
    }
}
Hi,
Thanks for providing the configuration.
Please answer the following questions as well :-
Regards,
Sahil Sharma
Hi sahilsha
There is no VR in this firewall. If I just change the mode, supposedly it should not be an issue, right?
{primary:node0}
test@srx5800> show route x.x.x.x
inet.0: 16 destinations, 18 routes (16 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.0/8 *[Static/5] 37w0d 20:18:03
> to x.x.x.x via reth0.380
Can you confirm that the source address configured for logging (10.70.50.18) is on the interface facing the route to the SIEM (reth0.380)?
Hi Spuluka,
Yes, it's confirmed. The issue is that it works in event mode, but after I change to stream mode the SIEM does not receive any logs from the SRX. But when I change back to event mode the SIEM receives the logs with no issue.
Thanks
Hi,
Please provide the following output from shell :-
%srx-cprod.sh -s spu -c "sh usp rtlog conn"
%srx-cprod.sh -s spu -c "sh usp rtlog stream"
Regards,
Sahil Sharma
Hi everyone,
I have an srx210H and an srx210HE. Is it possible to deploy high availability with both devices? And the next question is whether the same STP category 6 cables are used for the control link and fabric link, or whether there are some special cables to connect the control link and fabric links. If anyone has done this scenario please share it with me for help.
The cabling used for the HA are standard ethernet cables.
You could successfully cluster an H to an HE device. Naturally any cards in the slots must match on both devices. But you will need to be careful that you don't try to use any features that require the HE model. If I remember correctly this basically means you will be limited in Junos upgrade version to the top version allowed on the H model.
The other caveat is that technically this configuration would be "unsupported", as Juniper does state that clustering is only supported on exact matching models. So you may have a JTAC case where the clustering itself is an issue and you will be told no further troubleshooting would be done until the devices matched in hardware. But my general experience with JTAC is that they do help until it becomes a serious possibility that the support issue is related to the "unsupported" configuration. They are not like some vendors where they do the litmus test up front and close the ticket regardless of the issue. However, there is a risk of not getting support when you need it.
Sorry, I missed this little note above:
After i change to stream mode then SIEM not received log from SRX.
But using Junos Space Log Collector no issue.
I would do a packet capture on the SIEM or the switch port span right before the SIEM to verify the log data is reaching the server. And I suspect there is either a host setup to accept the logs missing or a log format issue. Although most SIEM I've seen accept Structured Data syslog.
Another possibility is some kind of bug related to the SIEM and Junos version. So a quick search of the PR database for your SIEM vendor and Junos version could see if one exists already.
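Added example (not part of the original posts): once a capture on the SIEM side shows datagrams arriving, a small parser like the one below tells you whether each payload is RFC 5424 structured-data syslog, which is what `format sd-syslog` is expected to produce, or legacy BSD-style syslog. The function name, the sample messages and the SD-ID in them are constructed for illustration.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then STRUCTURED-DATA
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$", re.S)
# One SD-ELEMENT: [SD-ID name="value" ...]; inside a value, '"', '\' and ']' are backslash-escaped
SD_ELEMENT = re.compile(
    r'\[(?P<id>[^\s=\]"]+)(?P<params>(?: [^\s=\]"]+="(?:\\.|[^"\\\]])*")*)\]')
SD_PARAM = re.compile(r' ([^\s=\]"]+)="((?:\\.|[^"\\\]])*)"')

def parse_syslog(datagram: bytes) -> dict:
    """Classify one UDP syslog payload and extract its structured data, if any."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = HEADER.match(text)
    if not m:
        # No version digit after <PRI>: legacy BSD-style syslog, or not syslog at all
        kind = "bsd-syslog" if re.match(r"^<\d{1,3}>", text) else "not-syslog"
        return {"format": kind, "sd": {}}
    pri, rest, sd, pos = int(m["pri"]), m["rest"], {}, 0
    # STRUCTURED-DATA is either "-" or one or more adjacent [..] elements
    while (e := SD_ELEMENT.match(rest, pos)):
        sd[e["id"]] = {k: re.sub(r"\\(.)", r"\1", v)
                       for k, v in SD_PARAM.findall(e["params"])}
        pos = e.end()
    return {"format": "rfc5424", "facility": pri >> 3, "severity": pri & 7,
            "hostname": m["hostname"], "msgid": m["msgid"], "sd": sd}

# Constructed sample payloads (not captured from a real device)
SD_SAMPLE = (b'<14>1 2015-10-20T08:15:30.123Z srx5800 RT_FLOW - RT_FLOW_SESSION_CREATE '
             b'[junos@2636.1.1.1.2.26 source-address="10.70.1.5" '
             b'destination-address="10.60.30.50" policy-name="trust-to-[dmz\\]"] session created')
BSD_SAMPLE = b'<14>Oct 20 08:15:30 srx5800 RT_FLOW: RT_FLOW_SESSION_CREATE: session created'

if __name__ == "__main__":
    for payload in (SD_SAMPLE, BSD_SAMPLE):
        print(parse_syslog(payload))
```

If the payloads parse as `rfc5424` here but the SIEM still shows nothing, the problem is more likely on the receiver side (data source definition or parser selection) than in the SRX output.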
Hi Shilsa,
Does the command that you gave need root privilege? Just for your information, the SIEM is "McAfee ESM" with ver 9.6.0.
% srx-cprod.sh -s spu -c "sh usp rtlog steam"
======== Start SPU0.0, node0.fpc0.pic0, spu ========
================ node0.fpc0.pic0 ================
Permission denied, couldn't create TNP socket to SCB.
======== End SPU0.0, node0.fpc0.pic0 ========
======== Start SPU0.1, node0.fpc0.pic1, spu ========
================ node0.fpc0.pic1 ================
Permission denied, couldn't create TNP socket to SCB.
======== End SPU0.1, node0.fpc0.pic1 ========
McAfee seems to be recommending the configuration be done in the syslog hierarchy instead of the security log hierarchy. Not sure if that makes a difference in the log formatting or not.