[j-nsp] Filters and Logging

Bostjan Fele bostjan.fele at smart-com.si
Fri Feb 25 02:24:39 EST 2005


The log option just puts them in the firewall buffer on the forwarding engine (hmm,
I have no idea what that would be on the J series). If you want it in syslog, then
use the syslog action instead of the log option.

Regards,
Bostjan

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net]On Behalf Of info at beprojects.com
Sent: Thursday, February 24, 2005 6:08 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Filters and Logging

OK, this is going to sound dumb, but I can't figure out where my J2300
is logging denied packets.  If I set up a filter with the following:

filter SAMPLE {
    term ESTABLISH {
        from {
            protocol tcp;
            tcp-established;
        }
        then accept;
    }
    term ICMP {
        from {
            protocol icmp;
            icmp-type [ echo-reply unreachable time-exceeded ];
        }
        then accept;
    }
    term DENYALL {
        then {
            count DENYCOUNT;
            log;
            discard;
        }
    }
}

It works the way it should, but I can't find the denied packets.  I
check "show firewall log" and I see a bunch of packets with A (accept),
which I am not logging, but I don't see any denied packets.  Even when I
initiate traffic from the outside and I know it is being denied, it is
not being displayed.  Am I looking in the wrong place, or did I forget
something?

Also, how do I stop the A packets from being logged?  I didn't enable
it, so I don't know why it's there.  I am running a J2300 with 7.1R1.3.
Thanks.

Peder
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
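As an added example (not from either poster, and not taken from Juniper documentation), here is Peder's filter rewritten so that the DENYALL term uses the syslog action Bostjan points to, together with the system syslog stanza that directs the firewall facility to a local file and the interface stanza that applies the filter. The file name firewall-log and the interface fe-0/0/0 are assumed placeholders; the rest of the filter is the one from the original post.

```junos
/* Added example: send discarded packets to syslog instead of only the PFE firewall log buffer. */
system {
    syslog {
        /* The "firewall" facility carries messages produced by the filter "syslog" action.
           File name "firewall-log" is an assumption; pick any name. */
        file firewall-log {
            firewall any;
        }
    }
}
firewall {
    family inet {
        filter SAMPLE {
            term ESTABLISH {
                from {
                    protocol tcp;
                    tcp-established;
                }
                then accept;
            }
            term ICMP {
                from {
                    protocol icmp;
                    icmp-type [ echo-reply unreachable time-exceeded ];
                }
                then accept;
            }
            term DENYALL {
                then {
                    count DENYCOUNT;
                    /* "syslog" writes to the file configured above; "log" would only
                       fill the in-memory buffer shown by "show firewall log". */
                    syslog;
                    discard;
                }
            }
        }
    }
}
interfaces {
    /* Assumed interface name: apply the filter inbound on the outside-facing interface. */
    fe-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input SAMPLE;
                }
            }
        }
    }
}
```

After commit, `show log firewall-log` displays the discarded packets and `show firewall filter SAMPLE` shows the DENYCOUNT counter. The log and syslog actions can also be combined in the same then clause if the in-memory buffer is wanted as well.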