We have configured our SRX cluster in stream mode as recommneded by juniper.
Requirement is to send all Control plane and data palne logs to syslog server y.y.y.y
The problem is that the syslog server will see the single IP address for both the cluster members i.e x.x.x.x to record the logs.
My requirement is to set the different Source IP address of each cluster member for sending the control plane and data plane logs in stream mode so that it can be distinguish which member in cluster sending logs to syslog.
Could anyone suggest the standard and recommended design to achieve this.
For data plane logs
set security log mode stream
set security log format sd-syslog
set security log source-address x.x.x.x
set security log stream syslog1 format sd-syslog
set security log stream syslog1 category all
set security log stream syslog1 host y.y.y.y
set security log stream syslog1 host port 514
for control plane logs
set system syslog host y.y.y.y any any
set system syslog source-address x.x.x.x