Hi Supuluka,
When you said "TWO configuration stanza setup", which part are you referring to? Below is my config. Can you advise me what needs to change to make sure the SIEM can see both the control-plane syslog (such as commit, interactive commands, etc.) and, at the same time, the RT-FLOW log?
{primary:node0}
test@SRX5800> show configuration system syslog
archive size 1m files 10;
user * {
    any emergency;
}
inactive: host 7.7.7.1 {    --------------------> If I activate this, the SIEM cannot see the RT-FLOW log
    any any;
    change-log any;
    interactive-commands any;
    inactive: match RT_FLOW_SESSION;
    source-address x.x.x.x;
    structured-data;
}
inactive: host 7.7.7.2 {
    any any;
    change-log any;
    interactive-commands any;
    source-address x.x.x.x;
    structured-data;
}
file messages {    --------------------> This log cannot be seen on the SIEM
    any notice;
    authorization info;
    explicit-priority;
}
file interactive-commands {    --------------------> This log cannot be seen on the SIEM
    interactive-commands any;
}
Thanks, and I appreciate your advice.