[j-nsp] Traffic Logging
Danny Vernals
danny.vernals at gmail.com
Tue Dec 2 10:17:09 EST 2008
The "then log" option only logs to the PFE buffer which is rather
limited in size and also is only exposed in the "sh firewall log"
command you mention, it's not sent to the syslog daemon. However if
you expect to be logging at a high pps it has the benefit of not
adding excess load to the RE. To see more detailed output you can use
"show firewall log detail".
If you would like to send the logging to messages or any other file
you specifiy in the syslog config you need to use "then syslog"
instead.
I'm not sure what you mean by "it match the log but only shows Point
to Point session"
On Mon, Dec 1, 2008 at 10:46 PM, a. rahman isnaini rst / netsoft
<risnaini at netsoft.net.id> wrote:
> Hi,
>
>
> To generate log like cisco "sh logging" using access-list, i have configured
> :
> - Firewall>Family Inet>Filter "log">Match all then log
> - Interface>Unit x> Family Inet> input filter "log"
> - System>Services>Syslog>all facilities [any]
>
> All I've seen by "show log messages" is just simply standard log (somebody
> is login, etc..).
> And as well, "show firewall log", it match the "log" but only shows Point to
> Point session.
>
> Any simple way to have log such cisco did ? please kindly advice.
>
> rgs
> a. r.isnaini rangkayo sutan
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list