Solved

How to perform logging for traffic going through a Juniper router and traffic destined for the Juniper Router

Posted on 2014-02-01
5
2,620 Views
Last Modified: 2014-03-25
Hi Team,

  I am trying to figure out how I perform logging for traffic going through a Juniper router and traffic destined for the Juniper Router?
0
Comment
Question by:vreyesii
5 Comments
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 39826353
The policy rules in the webUI have a logging feature that you can use to get a snapshot of the traffic. You can also use flow filters from the command line to get specific logs  In debug mode.

Is there something specific you are looking to log?
0
 

Author Comment

by:vreyesii
ID: 39826357
I am trying not to use the webgui and instead use the command line.  I want to log http/https traffic going through the SRX router and ssh traffic destined for the SRX router.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 39826368
For logs, I have always used the Web GUI interface. That is where the logs come up.

You can try the command line HELP to display information about system log messages. Here is a Juniper article on that.

http://www.juniper.net/techpubs/en_US/junos10.4/information-products/topic-collections/swconfig-cli/index.html?id-11430873.html

Under the contents (left side) expand CLI command summaries, and then expand Summary of CLI Configuration Mode Commands. Look at the HELP command.

If that does not give you what you want, then you need to use the Web GUI.

.... Thinkpads_User
0
 
LVL 26

Accepted Solution

by:
Soulja earned 335 total points
ID: 39826458
From Juniper Site:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB16509

ENABLE LOGGING

To send security policy logs to a file named traffic-log on the SRX Series device:

user@host# set system syslog file traffic-log any any
user@host# set system syslog file traffic-log match "RT_FLOW_SESSION"

To send security policy logs to a remote syslog server, x.x.x.x:

user@host#  set system syslog host x.x.x.x any any

THEN ENABLE ON SECURITY POLICY YOU WANT TO LOG

To enable logging for a security policy:  (Either or both steps can be configured.)

 For the default-permit security policy, specify that traffic logs are generated when a session closes.

    user@host# set security policies from-zone trust to-zone untrust policy default-permit then log session-close

    (Optional) Specify that traffic logs are generated when a session starts.

user@host# set security policies from-zone trust to-zone untrust policy default-permit then log session-init

TO SEE LOG:

user@host> show log traffic-log

or

user@host> show log messages | match RT_FLOW_SESSION
user@host# set system syslog host x.x.x.x match "RT_FLOW_SESSION"
0
 

Author Comment

by:vreyesii
ID: 39826848
Thank you that information was exactly what I was looking for.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now