Please excuse my ignorance but I've never configred an MX before and haven't even had any class on it - if you know a good video/text that would be great.
I've inherited an MX104 in our lab and tried to setup syslog to get it back to our SIEM. Basic config is
MGMT interfaces SIEM: x.x.255.220 SRX: x.x.255.250
SRX:ge-9 192.168.2.2/30
set interfaces ge-2/0/9 description "Link to MX for SYSLOG"
set interfaces ge-2/0/9 unit 0 family inet address 192.168.2.2/30
MX:ge-9 192.168.2.1/30
set interfaces ge-0/1/9 description "Link to SRX for SYSLOG"
set interfaces ge-0/1/9 unit 0 family inet address 192.168.2.1/30
So you can see (I hope) the connection between the SRX and the MX is via /30 network.
NOTE: I do have a filter setup on MX output so that just source/destination/udp/514 is allowed out and I turned on ICMP for testing. There is also an input filter on SRX side.
Now I have the SRX and other devices correctly sending syslog messages to the SIEM but the same configuration doesn't seem to work on the MX. Guessing that's due to the nature of what the MX is so it needs more steps?
The basic syslog config from the MX (from memory so if syntax is a bit off sorry):
set system syslog host 192.168.2.2 any any
NOTE: there is also file syslog setup but they seem to work
If I force an interface up/down I see the syslog message on the terminal (user any is enabled) but I don't see it on the SRX.
When I look at the interface on the MX, I don't see any packets attempting to leave and obviously don't see any packets getting to the interface on the SRX.
When I attempt to ping from SRX to MX, I get timeouts but if I look at the interface on SRX I see the packet count going up and my filter counter (the temp one for ICMP) does go up. When I look at the interface on the MX I see the packet getting to the interface so I have to assume that the reply is not making it out of the MX.
This is confirmed by pinging from MX to SRX and I do see the counter on my filter on the MX going up but there is no packet hitting the interface and I receive the message OPERATION NOT PERMITTED.
Given this, I have to assume that I have something missing on the MX configuration but I don't know what it is and again, since I've never looked at one nor configured one, I'm not sure where to look.
Searching for SENDING SYSLOG FROM MX TO EXTERNAL HOST yields basic configurations which I already have but gives not indication of settings necessary on the interface which is what I'm guessing is wrong.
Again, sorry for my lack of understanding here but this is my first exposure to the MX series; everything else has been SRX/EX and thanks for any help you can provide.