Hi Danny,
I'm logging a small traffic for test purpose before redirecting the real
one to syslog server.
Here the output of showing firewall log detail with filter name
logging-traffic.
As you can see there are no others traffic logged, but point to point IP
which BGP session only. (192.168.3.16/30) between two routers.
While suppose to be another traffic passign through...
Time of Log: 2008-12-03 05:50:44 JAVT, Filter: logging-traffic, Filter
action: accept, Name of interface: local
Name of protocol: TCP, Packet Length: 0, Source address:
192.168.3.17:179, Destination address: 192.168.3.18:2693
Time of Log: 2008-12-03 05:50:44 JAVT, Filter: pfe, Filter action:
accept, Name of interface: ge-1/3/0.115
Name of protocol: TCP, Packet Length: 52, Source address:
192.168.3.18:2693, Destination address: 192.168.3.17:179
Time of Log: 2008-12-03 05:50:21 JAVT, Filter: logging-traffic, Filter
action: accept, Name of interface: local
Name of protocol: TCP, Packet Length: 51266, Source address:
192.168.3.17:179, Destination address: 192.168.3.18:2693
Time of Log: 2008-12-03 05:50:21 JAVT, Filter: pfe, Filter action:
accept, Name of interface: ge-1/3/0.115
Name of protocol: TCP, Packet Length: 71, Source address:
192.168.3.18:2693, Destination address: 192.168.3.17:179
Time of Log: 2008-12-03 05:50:14 JAVT, Filter: pfe, Filter action:
accept, Name of interface: ge-1/3/0.115
Name of protocol: TCP, Packet Length: 52, Source address:
192.168.3.18:2693, Destination address: 192.168.3.17:179
Time of Log: 2008-12-03 05:50:13 JAVT, Filter: logging-traffic, Filter
action: accept, Name of interface: local
Name of protocol: TCP, Packet Length: 50661, Source address:
192.168.3.17:179, Destination address: 192.168.3.18:2693
Time of Log: 2008-12-03 05:49:56 JAVT, Filter: logging-traffic, Filter
action: accept, Name of interface: local
Name of protocol: TCP, Packet Length: 51266, Source address:
192.168.3.17:179, Destination address: 192.168.3.18:2693
Time of Log: 2008-12-03 05:49:56 JAVT, Filter: pfe, Filter action:
accept, Name of interface: ge-1/3/0.115
Name of protocol: TCP, Packet Length: 71, Source address:
192.168.3.18:2693, Destination address: 192.168.3.17:179
Time of Log: 2008-12-03 05:49:44 JAVT, Filter: pfe, Filter action:
accept, Name of interface: ge-1/3/0.115
Name of protocol: TCP, Packet Length: 52, Source address:
192.168.3.18:2693, Destination address: 192.168.3.17:179
Time of Log: 2008-12-03 05:49:43 JAVT, Filter: logging-traffic, Filter
action: accept, Name of interface: local
Name of protocol: TCP, Packet Length: 0, Source address:
192.168.3.17:179, Destination address: 192.168.3.18:2693
Time of Log: 2008-12-03 05:49:29 JAVT, Filter: logging-traffic, Filter
action: accept, Name of interface: local
Name of protocol: TCP, Packet Length: 51266, Source address:
192.168.3.17:179, Destination address: 192.168.3.18:2693
Time of Log: 2008-12-03 05:49:29 JAVT, Filter: pfe, Filter action:
accept, Name of interface: ge-1/3/0.115
Expecting :
29w1d: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.10.100.32.81(25)
-> 172.16.5.250(30705), 1 packet
29w1d: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.10.100.32.57(3306)
-> 172.16.5.250(30716), 1 packet
29w1d: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.10.100.32.57(3306)
-> 172.16.5.250(30719), 1 packet
29w1d: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.10.100.32.57(3306)
-> 172.16.5.250(30721), 1 packet
29w1d: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.10.100.3.220(3306)
-> 172.16.5.250(30722), 1 packet
29w1d: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.10.100.32.57(3306)
-> 172.16.5.250(30723), 1 packet
a. r. isnaini rangkayo sutan
Danny Vernals wrote:
The "then log" option only logs to the PFE buffer which is rather
limited in size and also is only exposed in the "sh firewall log"
command you mention, it's not sent to the syslog daemon. However if
you expect to be logging at a high pps it has the benefit of not
adding excess load to the RE. To see more detailed output you can use
"show firewall log detail".
If you would like to send the logging to messages or any other file
you specifiy in the syslog config you need to use "then syslog"
instead.
I'm not sure what you mean by "it match the log but only shows Point
to Point session"
On Mon, Dec 1, 2008 at 10:46 PM, a. rahman isnaini rst / netsoft
<[EMAIL PROTECTED]> wrote:
Hi,
To generate log like cisco "sh logging" using access-list, i have configured
:
- Firewall>Family Inet>Filter "log">Match all then log
- Interface>Unit x> Family Inet> input filter "log"
- System>Services>Syslog>all facilities [any]
All I've seen by "show log messages" is just simply standard log (somebody
is login, etc..).
And as well, "show firewall log", it match the "log" but only shows Point to
Point session.
Any simple way to have log such cisco did ? please kindly advice.
rgs
a. r.isnaini rangkayo sutan
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
