[j-nsp] Filters and Logging
Alastair Galloway
ag at a.co.nz
Fri Feb 25 04:14:30 EST 2005
Hi Peder,
| -----Original Message-----
| From: juniper-nsp-bounces at puck.nether.net
| [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
| info at beprojects.com
|
| OK, this is going to sound dumb, but I can't figure out where my
| J2300 is logging denied packets. If I setup a filter with the
| following:
|
| filter SAMPLE {
|     [snip]
|     term DENYALL {
|         then {
|             count DENYCOUNT;
|             log;
|             discard;
|         }
|     }
| }
|
| It works the way it should, but I can't find the denied packets. I
| check "show firewall log" and I see a bunch of packets with A
| (accept), which I am not logging, but I don't see any denied packets.
This one caught me out once, until I noticed this line in the documentation:
    discard - The packet is not accepted and is not processed
    further. Discarded packets cannot be logged or
    sampled.
I found it in the JUNOS 6.1 documentation but happily the URL is the
same for 7.1 - just changing the 6 to a 7 finds it:
http://www.juniper.net/techpubs/software/junos/junos71/swconfig71-policy/html/firewall-config8.html#1014076
Cheers,
Alastair Galloway
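A lint for the situation described in this message, as an added example that is not part of the original post or of Juniper's tooling: it scans a filter written in the brace syntax quoted above and reports terms whose `then` block combines `discard` with `log` or `sample`, which per the quoted documentation line will not be logged or sampled. The function names and the ALLOW-SSH term are hypothetical, and only the braced `then { ... }` form without comments or quoted strings is handled.

```python
import re

# Constructed sample in the post's brace syntax; term ALLOW-SSH is invented.
SAMPLE_CONFIG = """
filter SAMPLE {
    term ALLOW-SSH {
        from { protocol tcp; destination-port ssh; }
        then { log; accept; }
    }
    term DENYALL {
        then {
            count DENYCOUNT;
            log;
            discard;
        }
    }
}
"""

def _name(stack, keyword):  # name of the innermost enclosing `keyword NAME` block
    for block in reversed(stack):
        parts = block.split()
        if len(parts) == 2 and parts[0] == keyword:
            return parts[1]
    return "?"

def find_unlogged_discards(config):
    """Return (filter, term, ignored_actions) for every braced `then`
    block that pairs `discard` with `log` and/or `sample`."""
    findings, stack, actions, pending = [], [], [], ""
    for tok in re.findall(r"[{};]|[^{};]+", config):
        if tok not in ("{", "}", ";"):      # text: block name or statement
            pending = tok.strip()
            continue
        if tok == "{":
            stack.append(pending)
            if pending == "then":
                actions = []                # start collecting this term's actions
        elif tok == ";" and pending and stack and stack[-1] == "then":
            actions.append(pending.split()[0])
        elif tok == "}" and stack and stack.pop() == "then":
            ignored = [a for a in actions if a in ("log", "sample")]
            if "discard" in actions and ignored:
                findings.append((_name(stack, "filter"), _name(stack, "term"), ignored))
        pending = ""
    return findings

if __name__ == "__main__":
    for filt, term, ignored in find_unlogged_discards(SAMPLE_CONFIG):
        print(f"{filt}/{term}: {ignored} will not take effect alongside discard")
```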