How to configure Juniper firewall logging

Date: shared by 林辉766

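  How do you set up Juniper firewall logging so that it is most useful? Below, the 学习啦 editor walks through several ways to configure and view Juniper firewall logs. We hope it helps.

  Juniper firewall log setup, method 1:

  Taking remote dial-in (XAuth) as an example: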

  netscreen_isg1000-> get event include 120.31.240.98
  Date       Time     Module Level Type  Description
  2008-09-14 10:57:13 system info  00536 IKE<120.31.240.98> Phase 2 msg ID
                                         <6c0f2afe>: Completed negotiations
                                         with SPI <3eab9265>, tunnel ID<45468>,
                                         and lifetime <3600> seconds/<0> KB.
  2008-09-14 10:57:13 system info  00536 IKE<120.31.240.98> Phase 2 msg ID
                                         <6c0f2afe>: Responded to the peer's
                                         first message.
  2008-09-14 10:57:13 system info  00536 IKE<120.31.240.98>: XAuth login was
                                         passed for gateway<Test_Gateway>,
                                         username , retry: 0, Client
                                         IP Addr<11.2.2.70>, IPPool name:
                                         <_TEST_POOL>, Session-Timeout:<0s>,
                                         Idle-Timeout:<0s>.
  2008-09-14 10:57:12 system info  00536 IKE<120.31.240.98>: XAuth login was
                                         refreshed for username at
                                         <11.2.2.70/255.255.255.255>.
  2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98>: Received initial
                                         contact notification and removed Phase
                                         1 SAs.
  2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98> Phase 1: Completed
                                         Aggressive mode negotiations with a
                                         <28800>-second lifetime.
  2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98> Phase 1: Completed
                                         for user .
  2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98>: Received initial
                                         contact notification and removed Phase
                                         2 SAs.
  2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98>: Received a
                                         notification message for DOI<1>
                                         <24578><INITIAL-CONTACT>.
  2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98>: Received a
                                         notification message for DOI<1>
                                         <24577><REPLAY-STATUS>.
  2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98> Phase 1: IKE
                                         responder has detected NAT in front of
                                         the remote device.
  2008-09-14 10:57:08 system info  00536 IKE<120.31.240.98> Phase 1: Responder
                                         starts AGGRESSIVE mode negotiations.
  Total entries matched = 12

  Do not use the following command instead; as its output shows, it returns only the first line of each entry:

  netscreen_isg1000-> get event | in 120.31.240.98
  2008-09-14 10:57:13 system info  00536 IKE<120.31.240.98> Phase 2 msg ID
  2008-09-14 10:57:13 system info  00536 IKE<120.31.240.98> Phase 2 msg ID
  2008-09-14 10:57:13 system info  00536 IKE<120.31.240.98>: XAuth login was
  2008-09-14 10:57:12 system info  00536 IKE<120.31.240.98>: XAuth login was
  2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98>: Received initial
  2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98> Phase 1: Completed
  2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98> Phase 1: Completed
  2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98>: Received initial
  2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98>: Received a
  2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98>: Received a
  2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98> Phase 1: IKE
  2008-09-14 10:57:08 system info  00536 IKE<120.31.240.98> Phase 1: Responder

  Note: 120.31.240.98 is the public IP address of the initiating side.
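  The difference between the two commands above, as an added example (not code from the original article): this Python script rebuilds whole entries from wrapped `get event` output, compares an entry-level match with a line-level match, and pulls the XAuth login fields out of the complete entries. The sample log is constructed in the layout shown above (198.51.100.7 is a made-up second peer), and all function names are hypothetical.

```python
import re

# Constructed sample in the wrapped layout shown on this page; 198.51.100.7 is
# a made-up second peer added for contrast.
SAMPLE = """\
Date       Time     Module Level Type  Description
2008-09-14 10:57:13 system info  00536 IKE<120.31.240.98>: XAuth login was
                                       passed for gateway<Test_Gateway>,
                                       retry: 0, Client IP Addr<11.2.2.70>.
2008-09-14 10:57:10 system info  00536 IKE<198.51.100.7> Phase 1: Responder
                                       starts MAIN mode negotiations.
2008-09-14 10:57:09 system info  00536 IKE<120.31.240.98> Phase 1: Completed
                                       Aggressive mode negotiations with a
                                       <28800>-second lifetime.
Total entries matched = 3
"""

# An entry starts with date/time/module/level/type; other lines continue it.
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d) +(\d\d:\d\d:\d\d) +(\S+) +(\S+) +(\d+) +(.*)$")
XAUTH = re.compile(r"IKE<([^>]+)>: XAuth login was passed for gateway<([^>]+)>"
                   r".*Client IP Addr<([^>]+)>")

def parse_events(text):
    """Rebuild one record per event from wrapped `get event` output."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Date ", "Total entries")):
            continue  # skip blank lines, the column header and the summary
        m = ENTRY.match(line)
        if m:
            keys = ("date", "time", "module", "level", "type", "description")
            events.append(dict(zip(keys, m.groups())))
        elif events:
            events[-1]["description"] += " " + line
    return events

def include(events, needle):
    """Entry-level match, like `get event include`: whole entries are kept."""
    return [e for e in events if needle in e["description"]]

def line_filter(text, needle):
    """Line-level match, like `| in`: continuation lines are dropped."""
    return [l.strip() for l in text.splitlines() if needle in l]

def xauth_logins(events):
    """(time, peer, gateway, assigned client IP) for successful XAuth logins."""
    hits = ((e, XAUTH.search(e["description"])) for e in events)
    return [(e["date"] + " " + e["time"],) + m.groups() for e, m in hits if m]
```

  Running `xauth_logins` on entries parsed from the line-filtered text returns nothing, because the gateway and client IP sit on the continuation lines that the line filter discards.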

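  Juniper firewall log setup, method 2:

  Logs are usually viewed from the CLI.

  First define a traceoptions file name and the log types to record, then add the log attribute in the then clause at the end of the policy.

  Then run show log [the log name you defined under traceoptions].

  Viewing the log in the web interface also requires defining it by command first and then looking for that log file name under the system folder in the web UI, which is cumbersome.

  Juniper firewall log setup, method 3:

  Ordinary logs: show log messages

  Special logs require the log type to be defined.

  SRX packet capture

  debug: trace how the firewall processes a packet

  Commands for tracing the packet-processing path on an SRX:

  set security flow traceoptions flag basic-datapath  (enable basic packet-processing debug on the SRX)

  set security flow traceoptions file filename.log  (write the output to the specified file)

  set security flow traceoptions file filename.log size  (set the size of that file; the default is 128k)

  set security flow traceoptions packet-filter filter1 destination-prefix 5.5.5.2  (set a packet-trace filter)

  run file show filename.log  (view the output in that log)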
