Junos Logging Configuration Examples



Check Log

Operation                                   Command
------------------------------------------  -----------------------------------------------------
List the log files in /var/log              > show log
List log files by name (CLI completion)     > show log messages?
Show a log file by full path                > show log /var/log/messages
Show only the end of the file               > show log /var/log/messages | last
Show the last 100 lines                     > show log /var/log/messages | last 100
Show a log file by name                     > show log messages
Show a rotated (compressed) log file        > show log messages.0.gz
Filter lines by a keyword                   > show log messages | match error
Filter by several keywords (regex)          > show log messages | match "error | down | alarm"
Show a log file with "file show"            > file show /var/log/messages

Configuration

Log mode (event mode or stream mode)

Event mode (security logs go through the routing engine and the system syslog configuration)

set security log mode event
set security log event-rate 100
set security log format sd-syslog

### (1) For local storage ###
set system syslog file TRAFFIC-LOG any any
set system syslog file TRAFFIC-LOG match RT_FLOW

### or

### (2) For a syslog server ###
set system syslog host 192.168.0.99 any any
set system syslog host 192.168.0.99 match RT_FLOW


Stream mode (security logs are sent directly to the collector; a source-address is also needed, see the Security Log section below)

set security log mode stream

set security log stream TRAFFIC-LOG format sd-syslog
set security log stream TRAFFIC-LOG host 192.168.0.99


Operation                                     Command
--------------------------------------------  ------------------------------------------------------------
Change the number of archived log files       # set system syslog file hoge archive files 20
Limit the archive size (1000k = 1M)           # set system syslog file policy_session archive size 1000k
Keep 5 archived files                         # set system syslog file policy_session archive files 5
Check for rotation every 15 minutes           # set system syslog log-rotate-frequency 15

Typical system syslog settings (x.x.x.x is the collector / source address)

set system syslog user * any emergency
set system syslog host x.x.x.x any notice
set system syslog host x.x.x.x authorization info
set system syslog host x.x.x.x match "!(failed to delete .perm file or directory|xntpdmoduli does not exist)"
set system syslog host x.x.x.x facility-override local0
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file messages match "!(failed to delete .perm file or directory|xntpdmoduli does not exist)"
set system syslog file interactive-commands interactive-commands any
set system syslog source-address x.x.x.x


Security Log

set security log mode stream
set security log source-address xx.xx.xx.xx
set security log stream trafficlog format syslog
set security log stream trafficlog host xx.xx.xx.xx
set security log stream xxxxxxx
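Both the event-mode TRAFFIC-LOG file (filtered with `match RT_FLOW`) and the stream-mode TRAFFIC-LOG sent to the collector carry RT_FLOW session records in sd-syslog format, which is RFC 5424 syslog with the session fields in a structured-data element. The Python below is an added example, not Junos code and not part of the original page: it parses such records on the collector side, applies the same `match RT_FLOW` filter the syslog configuration uses, and counts RT_FLOW_SESSION_DENY events per source address and policy. The sample lines, hostnames, addresses, policy names and the enterprise-ID suffix in them are constructed for the example.

```python
"""Collector-side parser for Junos SRX RT_FLOW records in sd-syslog format.
Added example; the sample messages below are constructed (hostnames, addresses,
policy names and the junos@2636.1.1.1.2.129 enterprise-ID suffix are made up)."""
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample input: four RT_FLOW records and one unrelated sshd line.
SAMPLE_LINES = [
    '<14>1 2024-01-01T10:00:00.000Z srx-fw RT_FLOW - RT_FLOW_SESSION_CREATE '
    '[junos@2636.1.1.1.2.129 source-address="10.0.0.7" source-port="40000" '
    'destination-address="192.168.1.20" destination-port="443" protocol-id="6" '
    'policy-name="allow-web" source-zone-name="untrust" destination-zone-name="trust"]',
    '<14>1 2024-01-01T10:00:01.000Z srx-fw RT_FLOW - RT_FLOW_SESSION_DENY '
    '[junos@2636.1.1.1.2.129 source-address="10.0.0.5" source-port="51000" '
    'destination-address="192.168.1.10" destination-port="22" protocol-id="6" '
    'policy-name="default-deny" source-zone-name="untrust" '
    'destination-zone-name="trust" reason="policy deny"]',
    '<14>1 2024-01-01T10:00:02.000Z srx-fw RT_FLOW - RT_FLOW_SESSION_DENY '
    '[junos@2636.1.1.1.2.129 source-address="10.0.0.5" source-port="51001" '
    'destination-address="192.168.1.10" destination-port="23" protocol-id="6" '
    'policy-name="default-deny" source-zone-name="untrust" '
    'destination-zone-name="trust" reason="policy deny"]',
    '<14>1 2024-01-01T10:00:03.000Z srx-fw RT_FLOW - RT_FLOW_SESSION_DENY '
    '[junos@2636.1.1.1.2.129 source-address="10.0.0.9" source-port="52000" '
    'destination-address="192.168.1.10" destination-port="22" protocol-id="6" '
    'policy-name="default-deny" source-zone-name="untrust" '
    'destination-zone-name="trust" reason="policy deny"]',
    '<85>1 2024-01-01T10:00:04.000Z srx-fw sshd 1234 - - '
    'Failed password for admin from 10.0.0.5 port 50000 ssh2',
]

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD + MSG.
HEADER_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<version>\d) (?P<timestamp>\S+) (?P<host>\S+) '
    r'(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$')
# One SD-ELEMENT: [SD-ID params...] where "]" inside a value is escaped as \]
SD_RE = re.compile(r'^\[(?P<sd_id>[^\s\]]+)(?P<params>(?:[^\]\\]|\\.)*)\]')
# SD-PARAM: name="value", with \" \\ \] escapes allowed inside the value
PARAM_RE = re.compile(r'(?P<name>[^\s=]+)="(?P<value>(?:[^"\\]|\\.)*)"')


def _unescape(value: str) -> str:
    """Undo the three RFC 5424 PARAM-VALUE escapes."""
    return re.sub(r'\\(["\\\]])', r'\1', value)


def parse_sd_syslog(line: str) -> Optional[Dict]:
    """Parse one sd-syslog line into header fields plus a dict of SD params."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    pri = int(m.group('pri'))
    event = {
        'facility': pri >> 3, 'severity': pri & 7,
        'timestamp': m.group('timestamp'), 'host': m.group('host'),
        'app': m.group('app'), 'msgid': m.group('msgid'),
        'sd_id': None, 'params': {}, 'msg': '',
    }
    rest = m.group('rest')
    if rest.startswith('['):
        sd = SD_RE.match(rest)
        if sd is None:
            return None
        event['sd_id'] = sd.group('sd_id')
        event['params'] = {p.group('name'): _unescape(p.group('value'))
                           for p in PARAM_RE.finditer(sd.group('params'))}
        event['msg'] = rest[sd.end():].strip()
    elif rest.startswith('-'):  # NILVALUE: no structured data
        event['msg'] = rest[1:].strip()
    return event


def match_rt_flow(lines: List[str]) -> List[str]:
    """Same effect as the page's `match RT_FLOW`: Junos match is a regex search."""
    pattern = re.compile(r'RT_FLOW')
    return [line for line in lines if pattern.search(line)]


def deny_counts(lines: List[str]) -> Counter:
    """Count RT_FLOW_SESSION_DENY records per (source-address, policy-name)."""
    counts: Counter = Counter()
    for line in match_rt_flow(lines):
        ev = parse_sd_syslog(line)
        if ev and ev['msgid'] == 'RT_FLOW_SESSION_DENY':
            p = ev['params']
            counts[(p.get('source-address'), p.get('policy-name'))] += 1
    return counts


if __name__ == '__main__':
    for (src, policy), n in deny_counts(SAMPLE_LINES).most_common():
        print(f'{src:<15} denied by policy {policy}: {n}')
```

The parser works on the generic RFC 5424 structure rather than a fixed field list, so it also handles RT_FLOW_SESSION_CREATE and RT_FLOW_SESSION_CLOSE records and any field set the platform emits; with `format syslog` (as in the trafficlog stream above) the fields arrive as free text instead of an SD element, and this parser would return them as `msg` with an empty `params`.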

Screen options (ids-option Untrust_screen)

set security screen ids-option Untrust_screen icmp ip-sweep threshold 5000
set security screen ids-option Untrust_screen icmp flood threshold 1000
set security screen ids-option Untrust_screen icmp ping-death
set security screen ids-option Untrust_screen ip spoofing
set security screen ids-option Untrust_screen ip source-route-option
set security screen ids-option Untrust_screen ip tear-drop
set security screen ids-option Untrust_screen tcp port-scan threshold 5000
set security screen ids-option Untrust_screen tcp syn-flood alarm-threshold 1024
set security screen ids-option Untrust_screen tcp syn-flood source-threshold 400
set security screen ids-option Untrust_screen tcp syn-flood destination-threshold 4000
set security screen ids-option Untrust_screen tcp syn-flood timeout 20
set security screen ids-option Untrust_screen tcp land
set security screen ids-option Untrust_screen udp flood threshold 1000
set security screen ids-option Untrust_screen limit-session source-ip-based 512