Hi sahilsha
Below is the config. FYI, there is no reachability issue from the SRX to the SIEM. Previously the mode was "event", but due to high CPU on the SRX I changed it to stream mode. After I changed to stream mode, the SIEM did not receive logs from the SRX. But with Junos Space Log Collector there is no issue. So I'm not sure whether the SIEM also needs some changes due to stream mode. I would appreciate it if someone could advise.
{primary:node0}
test@srx5800> show configuration security log
mode stream;
inactive: event-rate 1000;
format sd-syslog;
source-address 10.70.50.18;
stream TO-SIEM {
    format sd-syslog;
    category all;
    host {
        10.60.30.50;
    }
}
stream TO-LOG-COLLECTOR {
    format sd-syslog;
    category all;
    host {
        10.60.30.51;
    }
}