Hi,
The RT logs which the SRX had to write to a local file are actually traffic logs.
By default, the SRX 240 is in even mode for traffic logs, which means that all the traffic logs ( and system logs) are handled by the Routing-Engine thus causing high RE CPU on the SRX.
If you change the mode of security logs to stream, these would be handled by the PFE (Dataplane) and directly sent to the syslog server without REs intervention. This would save the RE CPU from going high.
More details in the following link :-
Even after changing the security log mode to stream , the system logs would still be handled by the RE.
Regards,
Sahil Sharma
---------------------------------------------------
Please mark my solution as accepted if it helped, Kudos are appreciated as well.