How to Configure Juniper Firewall Logs
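How should Juniper firewall logs be set up to be most effective? Below, the Xuexila editor gives a detailed introduction to setting up Juniper firewall logs. We hope it helps.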
Juniper firewall log setup, method 1:
Taking remote dial-in (XAuth) as an example:
netscreen_isg1000-> get event include 120.31.240.98
Date Time Module Level Type Description
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID
<6c0f2afe>: Completed negotiations
with SPI <3eab9265>, tunnel ID< 45468>,
and lifetime <3600> seconds/<0> KB.
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID
< 6c0f2afe>: Responded to the peer's
first message.
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98>: XAuth login was
passed for gateway< Test_Gateway>,
username
IP Addr<11.2.2.70>, IPPool name:
< _TEST_POOL>, Session-Timeout:<0s>,
Idle-Timeout:<0s>.
2008-09-14 10:57:12 system info 00536 IKE<120.31.240.98>: XAuth login was
refreshed for username
< 11.2.2.70/255.255.255.255>.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial
contact notification and removed Phase
1 SAs.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed
Aggressive mode negotiations with a
< 28800>-second lifetime.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed
for user
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial
contact notification and removed Phase
2 SAs.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a
notification message for DOI< 1>
< 24578>< INITIAL-CONTACT>.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a
notification message for DOI< 1>
< 24577>< REPLAY-STATUS>.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: IKE
responder has detected NAT in front of
the remote device.
2008-09-14 10:57:08 system info 00536 IKE<120.31.240.98> Phase 1: Responder
starts AGGRESSIVE mode negotiations.
Total entries matched = 12
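Do not use the following command instead. As its output shows, the pipe filter keeps only the lines that contain the address, so the wrapped continuation lines of each entry are lost: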
netscreen_isg1000-> get event | in 120.31.240.98
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98>: XAuth login was
2008-09-14 10:57:12 system info 00536 IKE<120.31.240.98>: XAuth login was
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: IKE
2008-09-14 10:57:08 system info 00536 IKE<120.31.240.98> Phase 1: Responder
Note: 120.31.240.98 is the public IP address of the initiator.
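The difference between the two commands also matters when saved get event output is processed offline. The Python below is an added example, not part of the original article: it reassembles wrapped entries before filtering and contrasts that with a per-line match. The function names are hypothetical and the sample input is abridged from the output above.

```python
import re

# Sample input: two wrapped entries abridged from the `get event` output above
# (the trailing count line is adjusted to match the abridged sample).
SAMPLE = """\
2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98>: XAuth login was
passed for gateway< Test_Gateway>,
IP Addr<11.2.2.70>, IPPool name:
< _TEST_POOL>, Session-Timeout:<0s>,
Idle-Timeout:<0s>.
2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed
Aggressive mode negotiations with a
< 28800>-second lifetime.
Total entries matched = 2
"""

# A new entry starts with "date time module level type"; other lines are wraps.
HEAD = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+) (\d{5}) (.*)$")

def reassemble(text):
    """Join wrapped continuation lines back onto the entry they belong to."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = HEAD.match(line)
        if m:
            entries.append(dict(zip(("time", "module", "level", "type", "desc"), m.groups())))
        elif entries and line and not line.startswith("Total entries"):
            entries[-1]["desc"] += " " + line
    return entries

def line_filter(text, needle):
    """What a per-line match keeps: only the lines that contain the needle."""
    return [l for l in text.splitlines() if needle in l]

def ike_summary(entries, peer):
    """Extract the XAuth result, assigned address and IKE mode for one peer."""
    out = {"xauth_passed": False, "assigned_ip": None, "aggressive_mode": False}
    for e in (e for e in entries if f"IKE<{peer}>" in e["desc"]):
        if "XAuth login was passed" in e["desc"]:
            out["xauth_passed"] = True
            ip = re.search(r"IP Addr<\s*([\d.]+)>", e["desc"])
            out["assigned_ip"] = ip.group(1) if ip else None
        if "aggressive mode" in e["desc"].lower():
            out["aggressive_mode"] = True
    return out

if __name__ == "__main__":
    print(ike_summary(reassemble(SAMPLE), "120.31.240.98"))
    print(line_filter(SAMPLE, "120.31.240.98"))
```

The per-line filter returns only the two header lines, so the assigned address 11.2.2.70 and the negotiation mode never reach the analyst; the reassembled entries keep both.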
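Juniper firewall log setup, method 2:
Logs are generally viewed from the CLI.
First define a traceoptions file name and the log types to be recorded,
then add the log attribute in the then clause at the end of the policy.
Then use the command show log [the log file name you defined under traceoptions]
Viewing through the web interface also requires defining this with commands first, and then looking for the log file name under the system folder in the web interface, which is cumbersome.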
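Juniper firewall log setup, method 3:
Ordinary logs: show log messages
Special logs require the log type to be defined.
SRX packet capture
debug: trace how the firewall processes packets
Commands for tracing the packet-processing path on the SRX: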
set security flow traceoptions flag basic-datapath    (enable basic packet-processing debug on the SRX)
set security flow traceoptions file filename.log    (write the output to the specified file)
set security flow traceoptions file filename.log size
set security flow traceoptions packet-filter filter1 destination-prefix 5.5.5.2    (set the packet trace filter)
run file show filename.log    (view the log output)