[j-nsp] Logging firewall filter matches to a separate file on an M20

Richard A Steenbergen ras at e-gerbil.net
Wed Feb 2 22:03:41 EST 2005


On Wed, Feb 02, 2005 at 09:34:48PM -0500, D. Campbell MacInnes wrote:
> Hey guys,
> 
> I'm trying to figure out the best way to get logging information out of
> an M20 from a specific filter.
> 
> Problem is, the box has several logging filters running (for various
> purposes) at any given time, so parsing out the output of any given
> logging filter is difficult.
> 
> Obviously, in real time, I can see specific output with a "show firewall
> log detail | match :<string>", but that does me no good if I want to
> automate things.
> 
> I've poked through the docs on the box, and nothing seems to be a good
> fit for what I'm looking to do.
> 
> Ideally, I'd like to log the matches for the filter to a separate file
> that I can then pull off the box in any of a number of ways, but I'm open
> to other suggestions.

You probably don't want to leave "log" action firewalls up long-term. Any 
decent flood of packets which matches the filter will peg your SSB CPU 
relatively easily, which will break things that depend on it (like timely 
ICMP generation for traceroute responses).

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

