[j-nsp] Filters and Logging

Alexander Arsenyev (GU/ETL) alexander.arsenyev at ericsson.com
Fri Feb 25 08:45:30 EST 2005


Sorry, should have said:

use "sample" and "discard" together in Your filter.

Reject will do as well but ICMP Admin Prohibited (if I'm not mistaken) will be sent which is not good at high
packet rates :-)

I stand corrected.
Cheers
Alex

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net]
Sent: 25 February 2005 13:38
To: juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] Filters and Logging


Use "sample" and "reject" together in Your filter.
Define Your sampling configuration something like this:
sampling {
    input {
        family inet {
            rate 1; ###<======this ensures that EVERY SINGLE discarded packet is logged
        }
    }
    output {
        file {
            filename discard.log;
            files 5;  ##<======5 circular files to be used
            size 10m; ##<======each file is 10 Mbytes
            stamp;
        }
    }
}
Then watch Your discarded packets in /var/tmp/discard.log.[0-4]
HTH,
Cheers
Alex

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net]
Sent: 25 February 2005 13:16
To: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Filters and Logging


There has got to be some way to log discarded packets.  C does it, so I 
can't imagine that there isn't some facility in JUNOS to do it.  Anybody 
have any ideas?

Alastair Galloway wrote:
> Hi Peder,
> 
> | -----Original Message-----
> | From: juniper-nsp-bounces at puck.nether.net
> | [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
> | info at beprojects.com
> |
> | OK, this is going to sound dumb, but I can't figure out where my
> | J2300 is logging denied packets. If I setup a filter with the
> | following:
> |
> | filter SAMPLE {
> | [snip]
> |       term DENYALL {
> |              then {
> |                  count DENYCOUNT;
> |                  log;
> |                  discard;
> |          }
> |       }
> |    }
> |
> | It works the way it should, but I can't find the denied packets. I
> | check "show firewall log" and I see a bunch of packets with A
> | (accept), which I am not logging, but I don't see any denied packets.
> 
> This one caught me out once, until I noticed this line in the documentation:
> 
>         discard - The packet is not accepted and is not processed
>                   further. Discarded packets cannot be logged or
>                   sampled.
> 
> I found it in the JUNOS 6.1 documentation but happily the URL is the
> same for 7.1 - just changing the 6 to a 7 finds it:
> http://www.juniper.net/techpubs/software/junos/junos71/swconfig71-policy/html/firewall-config8.html#1014076
> 
> 
> 
> Cheers,
> 
> Alastair Galloway
> 
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
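The approach discussed in this thread, written out as one complete configuration: the filter term uses "sample" together with "discard" (as Alex's correction suggests, so no ICMP is sent back), and the sampling stanza sits under forwarding-options with a rate of 1 so every matching packet is written to the sample file. This is an added example, not configuration posted by anyone in the thread. The filter name DROP-AND-SAMPLE, the PERMIT-MGMT term, the 192.0.2.0/24 management prefix and the fe-0/0/0 interface are assumptions chosen for illustration.

```junos
/* Added example: not from the thread. Filter name, permit term,
   management prefix and interface name are assumptions. */
firewall {
    family inet {
        filter DROP-AND-SAMPLE {
            /* Example permit term: SSH from a management prefix (assumed). */
            term PERMIT-MGMT {
                from {
                    source-address {
                        192.0.2.0/24;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            /* Everything else: count it, sample it, then drop it silently.
               "sample" replaces "log" from the original question's term;
               "discard" (not "reject") sends no ICMP back to the source. */
            term DENYALL {
                then {
                    count DENYCOUNT;
                    sample;
                    discard;
                }
            }
        }
    }
}
forwarding-options {
    sampling {
        input {
            family inet {
                /* 1 in 1: every sampled packet is recorded. At high packet
                   rates this loads the Routing Engine; raise the rate
                   (e.g. 100) once the filter is known to behave. */
                rate 1;
            }
        }
        output {
            file {
                /* Written to /var/tmp/discard.log, rotated across 5 files. */
                filename discard.log;
                files 5;
                size 10m;
                stamp;
            }
        }
    }
}
interfaces {
    fe-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    /* Apply on ingress; interface name is an assumption. */
                    input DROP-AND-SAMPLE;
                }
            }
        }
    }
}
```

Two checks after committing: "show firewall filter DROP-AND-SAMPLE" shows the DENYCOUNT counter climbing, which confirms the term is matching, and the rotated files /var/tmp/discard.log.[0-4] hold the per-packet records. Keep the permit term before the deny-all term, since terms are evaluated in order and the first match wins; a deny-all placed first would sample and drop the management traffic too.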