[j-nsp] Filters and Logging
Steve Holman
sholman at juniper.net
Thu Feb 24 20:25:45 EST 2005
Try this:
user@router> show firewall counter DENYCOUNT
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
> info at beprojects.com
> Sent: Thursday, February 24, 2005 9:08 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Filters and Logging
>
>
> OK, this is going to sound dumb, but I can't figure out where my J2300
> is logging denied packets. If I set up a filter with the following:
>
> filter SAMPLE {
>     term ESTABLISH {
>         from {
>             protocol tcp;
>             tcp-established;
>         }
>         then accept;
>     }
>     term ICMP {
>         from {
>             protocol icmp;
>             icmp-type [ echo-reply unreachable time-exceeded ];
>         }
>         then accept;
>     }
>     term DENYALL {
>         then {
>             count DENYCOUNT;
>             log;
>             discard;
>         }
>     }
> }
>
> It works the way it should, but I can't find the denied packets. I
> check "show firewall log" and I see a bunch of packets with A (accept),
> which I am not logging, but I don't see any denied packets. Even when I
> initiate traffic from the outside and I know it is being denied, it is
> not being displayed. Am I looking in the wrong place, or did I forget
> something?
>
> Also, how do I stop the A packets from being logged? I didn't enable
> it, so I don't know why it's there. I am running a J2300 with 7.1R1.3.
> Thanks.
>
> Peder
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>