[j-nsp] Filters and Logging
Alexander Arsenyev (GU/ETL)
alexander.arsenyev at ericsson.com
Fri Feb 25 08:37:44 EST 2005
Use "sample" and "reject" together in Your filter.
Define Your sampling configuration something like this:
sampling {
    input {
        family inet {
            rate 1; ###<======this ensures that EVERY SINGLE discarded packet is logged
        }
    }
    output {
        file {
            filename discard.log;
            files 5; ##<======5 circular files to be used
            size 10m; ##<======each file is 10 Mbytes
            stamp;
        }
    }
}
Then watch Your discarded packets in /var/tmp/discard.log.[0-4]
HTH,
Cheers
Alex
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net]
Sent: 25 February 2005 13:16
To: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Filters and Logging
There has got to be some way to log discarded packets. C does it, so I
can't imagine that there isn't some facility in JUNOS to do it. Anybody
have any ideas?
Alastair Galloway wrote:
> Hi Peder,
>
> | -----Original Message-----
> | From: juniper-nsp-bounces at puck.nether.net
> | [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
> | info at beprojects.com
> |
> | OK, this is going to sound dumb, but I can't figure out where my
> | J2300 is logging denied packets. If I setup a filter with the
> | following:
> |
> | filter SAMPLE {
> |     [snip]
> |     term DENYALL {
> |         then {
> |             count DENYCOUNT;
> |             log;
> |             discard;
> |         }
> |     }
> | }
> |
> | It works the way it should, but I can't find the denied packets. I
> | check "show firewall log" and I see a bunch of packets with A
> | (accept), which I am not logging, but I don't see any denied packets.
>
> This one caught me out once, until I noticed this line in the documentation:
>
> ~ discard - The packet is not accepted and is not processed
> ~ further. Discarded packets cannot be logged or
> ~ sampled.
>
> I found it in the JUNOS 6.1 documentation but happily the URL is the
> same for 7.1 - just changing the 6 to a 7 finds it:
> http://www.juniper.net/techpubs/software/junos/junos71/swconfig71-policy/html/firewall-config8.html#1014076
>
>
>
> Cheers,
>
> Alastair Galloway
>