funiper防火墙日志如何设置
funiper防火墙日志如何设置
juniper防火墙日志怎么样设置才最有效,小编来教你!下面由学习啦小编给你做出详细的juniper防火墙日志设置方法介绍!希望对你有帮助!
juniper防火墙日志设置方法一:
以远程拨号(xauth)为例:
netscreen_isg1000-> get event include 120.31.240.98
Date Time Module Level Type Description
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID
<6c0f2afe>: Completed negotiations
with SPI <3eab9265>, tunnel ID< 45468>,
and lifetime <3600> seconds/<0> KB.
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID
< 6c0f2afe>: Responded to the peer's
first message.
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98>: XAuth login was
passed for gateway< Test_Gateway>,
username
IP Addr<11.2.2.70>, IPPool name:
< _TEST_POOL>, Session-Timeout:<0s>,
Idle-Timeout:<0s>.
2008-09-14 10:57:12 system info 00536 IKE<120.31.240.98>: XAuth login was
refreshed for username
< 11.2.2.70/255.255.255.255>.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial
contact notification and removed Phase
1 SAs.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed
Aggressive mode negotiations with a
< 28800>-second lifetime.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed
for user
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial
contact notification and removed Phase
2 SAs.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a
notification message for DOI< 1>
< 24578>< INITIAL-CONTACT>.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a
notification message for DOI< 1>
< 24577>< REPLAY-STATUS>.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: IKE
responder has detected NAT in front of
the remote device.
2008-09-14 10:57:08 system info 00536 IKE<120.31.240.98> Phase 1: Responder
starts AGGRESSIVE mode negotiations.
Total entries matched = 12
而不要使用以下命令:
netscreen_isg1000-> get event | in 120.31.240.98
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98>: XAuth login was
2008-09-14 10:57:12 system info 00536 IKE<120.31.240.98>: XAuth login was
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: IKE
2008-09-14 10:57:08 system info 00536 IKE<120.31.240.98> Phase 1: Responder
特别说明:120.31.240.98是发起方公网IP地址。
juniper防火墙日志设置方法二:
一般用cli查看
先定义一个traceoption的文件名,和需要记录的log类型,
然后再在策略的最后面then的地方加上log记录属性。
然后用命令show log 【你taceoption定义的log名】
web查看也是需要用命令去定义,然后再在web的system文件夹下面去找这个log文件名,很麻烦
juniper防火墙日志设置方法三:
普通日志show log message
特殊日志需要定义类型
SRX 抓包
debug:跟踪防火墙对数据包的处理过程
SRX跟踪报文处理路径的命令:
set security flow traceoptions flag basic-datapath 开启SRX基本报文处理Debug
set security flow traceoptions file filename.log 将输出信息记录到指定文件中
set security flow traceoptions file filename.log size
set security flow traceoptions packet-filter filter1 destination-prefix 5.5.5.2 设置报文跟踪过滤器
run file show filename.log 查看该Log输出信息
看了“ funiper防火墙日志如何设置”文章的还看了: