Solved

How to perform logging for traffic going through a Juniper router and traffic destined for the Juniper Router

Posted on 2014-02-01
5
2,788 Views
Last Modified: 2014-03-25
Hi Team,

  I am trying to figure out how I perform logging for traffic going through a Juniper router and traffic destined for the Juniper Router?
0
Comment
Question by:vreyesii
5 Comments
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 39826353
The policy rules in the webUI have a logging feature that you can use to get a snapshot of the traffic. You can also use flow filters from the command line to get specific logs  In debug mode.

Is there something specific you are looking to log?
0
 

Author Comment

by:vreyesii
ID: 39826357
I am trying not to use the webgui and instead use the command line.  I want to log http/https traffic going through the SRX router and ssh traffic destined for the SRX router.
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 39826368
For logs, I have always used the Web GUI interface. That is where the logs come up.

You can try the command line HELP to display information about system log messages. Here is a Juniper article on that.

http://www.juniper.net/techpubs/en_US/junos10.4/information-products/topic-collections/swconfig-cli/index.html?id-11430873.html

Under the contents (left side) expand CLI command summaries, and then expand Summary of CLI Configuration Mode Commands. Look at the HELP command.

If that does not give you what you want, then you need to use the Web GUI.

.... Thinkpads_User
0
 
LVL 26

Accepted Solution

by:
Soulja earned 335 total points
ID: 39826458
From Juniper Site:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB16509

ENABLE LOGGING

To send security policy logs to a file named traffic-log on the SRX Series device:

user@host# set system syslog file traffic-log any any
user@host# set system syslog file traffic-log match "RT_FLOW_SESSION"

To send security policy logs to a remote syslog server, x.x.x.x:

user@host#  set system syslog host x.x.x.x any any

THEN ENABLE ON SECURITY POLICY YOU WANT TO LOG

To enable logging for a security policy:  (Either or both steps can be configured.)

 For the default-permit security policy, specify that traffic logs are generated when a session closes.

    user@host# set security policies from-zone trust to-zone untrust policy default-permit then log session-close

    (Optional) Specify that traffic logs are generated when a session starts.

user@host# set security policies from-zone trust to-zone untrust policy default-permit then log session-init

TO SEE LOG:

user@host> show log traffic-log

or

user@host> show log messages | match RT_FLOW_SESSION
user@host# set system syslog host x.x.x.x match "RT_FLOW_SESSION"
0
 

Author Comment

by:vreyesii
ID: 39826848
Thank you that information was exactly what I was looking for.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question