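How to configure Juniper firewall logs
How do you set up Juniper firewall logs so that they are most useful? Below is a detailed introduction to the Juniper firewall log setup methods, prepared by the editor at 學習啦 (Xuexila). We hope it helps.
Juniper firewall log setup, method 1:
Taking remote dial-in (XAuth) as an example: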
netscreen_isg1000-> get event include 120.31.240.98
Date Time Module Level Type Description
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID
<6c0f2afe>: Completed negotiations
with SPI <3eab9265>, tunnel ID< 45468>,
and lifetime <3600> seconds/<0> KB.
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID
< 6c0f2afe>: Responded to the peer's
first message.
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98>: XAuth login was
passed for gateway< Test_Gateway>,
username
IP Addr<11.2.2.70>, IPPool name:
< _TEST_POOL>, Session-Timeout:<0s>,
Idle-Timeout:<0s>.
2008-09-14 10:57:12 system info 00536 IKE<120.31.240.98>: XAuth login was
refreshed for username
< 11.2.2.70/255.255.255.255>.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial
contact notification and removed Phase
1 SAs.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed
Aggressive mode negotiations with a
< 28800>-second lifetime.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed
for user
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial
contact notification and removed Phase
2 SAs.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a
notification message for DOI< 1>
< 24578>< INITIAL-CONTACT>.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a
notification message for DOI< 1>
< 24577>< REPLAY-STATUS>.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: IKE
responder has detected NAT in front of
the remote device.
2008-09-14 10:57:08 system info 00536 IKE<120.31.240.98> Phase 1: Responder
starts AGGRESSIVE mode negotiations.
Total entries matched = 12
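Do not use the following command instead; it returns only the lines that contain the address, so every entry is cut off after its first line: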
netscreen_isg1000-> get event | in 120.31.240.98
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98>: XAuth login was
2008-09-14 10:57:12 system info 00536 IKE<120.31.240.98>: XAuth login was
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: IKE
2008-09-14 10:57:08 system info 00536 IKE<120.31.240.98> Phase 1: Responder
Note: 120.31.240.98 is the public IP address of the initiator.
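Why `get event include` is the better choice, shown as an added example that is not part of the original article: ScreenOS wraps each event description over several lines, so a line-based filter keeps only the first line of every entry. The Python code below rebuilds complete records from an excerpt of the output above; the function names `parse_events` and `line_filter` are assumptions of this example.

```python
import re

# Start of an event record: date, time, module, level, type, description.
HEADER = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (\d{5}) (.*)$"
)

# Excerpt of the `get event include` output shown above; the trailer count
# is adjusted to the three entries kept here (constructed sample).
SAMPLE = """\
Date Time Module Level Type Description
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID
<6c0f2afe>: Completed negotiations
with SPI <3eab9265>, tunnel ID< 45468>,
and lifetime <3600> seconds/<0> KB.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed
Aggressive mode negotiations with a
< 28800>-second lifetime.
2008-09-14 10:57:08 system info 00536 IKE<120.31.240.98> Phase 1: Responder
starts AGGRESSIVE mode negotiations.
Total entries matched = 3
"""


def parse_events(text):
    """Join wrapped description lines so each event is one record."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            date, time, module, level, etype, desc = m.groups()
            events.append({"time": f"{date} {time}", "module": module,
                           "level": level, "type": etype, "description": desc})
        elif events and line and not line.startswith("Total entries"):
            events[-1]["description"] += " " + line
    return events


def line_filter(text, needle):
    """What a line-based filter such as `| in` keeps: matching lines only."""
    return [l for l in text.splitlines() if needle in l]


if __name__ == "__main__":
    for ev in parse_events(SAMPLE):
        print(ev["time"], ev["description"])
```

The rebuilt records keep the SPI, tunnel ID and lifetime fields, which the line-filtered view drops.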
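Juniper firewall log setup, method 2:
Logs are usually viewed from the CLI.
First define a traceoptions file name and the types of log to record,
then add the log attribute to the then clause at the end of the policy.
Then use the command show log [the log name you defined in traceoptions]
Viewing the log in the web interface also requires defining it with commands first, and then looking for that log file name under the system folder in the web interface, which is cumbersome.
Juniper firewall log setup, method 3:
Ordinary logs: show log messages
Special logs require the type to be defined.
SRX packet capture
debug: trace how the firewall processes packets
Commands for tracing the packet processing path on the SRX:
set security flow traceoptions flag basic-datapath (enables basic packet-processing debug on the SRX)
set security flow traceoptions file filename.log (records the output in the specified file)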
set security flow traceoptions file filename.log size
set security flow traceoptions packet-filter filter1 destination-prefix 5.5.5.2 (sets the packet trace filter)
run file show /var/log/filename.log (views the output in that log file)