Channel: All SRX Services Gateway posts

SRX Cluster Data Plane Logging and FXP interface


This is a Branch series SRX logging via cluster issue.

 

The goal is to use stream logging AND have the backup node send syslog simultaneously, though all solutions I've seen ignore the backup RG0 node's syslog, and none that I've seen are valid including the cluster best practices document. 

 

Syslog is received by both nodes via FXP0 when a backup-router statement is configured pointing traffic to the mgmt network gateway. RG0 active node uses inet.0 routing table, and the backup router uses the backup-router statement. Each syslogs from its own FXP0 address using groups and node config.

 

The problem comes into play when trying to configure stream mode logging, which must use a revenue port (although I do see data plane logs via FXP0 when I configure security log mode stream, but I assume this is still using the control plane). I have a routing instance with a rethX.X port that can reach the syslog server, but a next-table route to this routing-instance will break the backup RG0 node's syslog, though the active node will successfully send control + data via the revenue port. 

 

The only solution I can think of is abandoning the fxp port altogether (or at least for logging) and configuring a gig port as the management port with the backup router statements via management vlan gateway on the gig port. 

 

Has anyone else run into this and have an alternate solution (backup node must send syslog)?

 

Abandoning the FXP interface altogether or configuring 2 management interfaces for every device do not seem like great solutions. 

