[j-nsp] Screening logs on SRX
Ben Dale
bdale at comlinx.com.au
Tue Sep 7 19:45:48 EDT 2010
You aren't the only ones!
Fortunately the "screen logs" feature is being introduced in JUNOS 10.4 which will log when a screen threshold is reached:
Sep 8 09:43:31 rtlogd: receives log RT_SCREEN_TCP from RT_IDS at severity 3, miscellaneous string=Port scan! source: 172.16.10.23:54326, destination: 172.16.10.254:712, zone name: LAN, interface name: vlan.10, action: drop, attribute-list=attack-name 10 Port scan! source-address 12 172.16.10.23 source-port 5 54326 destination-address 13 172.16.10.254 destination-port 3 712 source-zone-name 3 LAN interface-name 7 vlan.10 action 4 drop
On 08/09/2010, at 5:41 AM, Jérôme Fleury wrote:
> Hi Fahad,
>
> that's a good question. I've been searching for a long time, and could
> not find either... I'm not even able to see them on my STRM, which
> defeats completely the purpose of this appliance.
>
> On Tue, Sep 7, 2010 at 12:02, Fahad Khan <fahad.khan at gmail.com> wrote:
>> Hi Folks,
>>
>> Can somebody tell me how I can see the logs of the attack packets
>> generated by some source for, let's say, "port scan", "IP spoof", etc.?
>>
>> Thanks in adv,
>>
>> regards,
>>
>> Muhammad Fahad Khan
>> JNCIP - M/T # 834
>> IT Specialist
>> Global Technology Services, IBM
>> fahad at pk.ibm.com
>> +92-301-8247638
>> Skype: fahad-ibm
>> http://pk.linkedin.com/in/muhammadfahadkhan
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
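An added example, not part of the original thread and not Juniper code: a parser that turns the RT_SCREEN line quoted in the reply above into fields a SIEM can index. It assumes, from that single sample line, that `attribute-list=` holds `name length value` triples where the length is the character count of the value; the function names are hypothetical.

```python
import re

# The sample line from the reply above, copied verbatim.
SAMPLE = (
    "Sep 8 09:43:31 rtlogd: receives log RT_SCREEN_TCP from RT_IDS at severity 3, "
    "miscellaneous string=Port scan! source: 172.16.10.23:54326, "
    "destination: 172.16.10.254:712, zone name: LAN, interface name: vlan.10, "
    "action: drop, attribute-list=attack-name 10 Port scan! "
    "source-address 12 172.16.10.23 source-port 5 54326 "
    "destination-address 13 172.16.10.254 destination-port 3 712 "
    "source-zone-name 3 LAN interface-name 7 vlan.10 action 4 drop"
)

ATTR_HEAD = re.compile(r"\s*([a-z-]+) (\d+) ")   # "name length " before each value
LOG_HEAD = re.compile(r"receives log (\S+) from (\S+) at severity (\d+),")
MARKER = "attribute-list="


def parse_attribute_list(text):
    """Decode assumed 'name length value' triples; values may contain spaces."""
    text, attrs, pos = text.strip(), {}, 0
    while pos < len(text):
        m = ATTR_HEAD.match(text, pos)
        if not m:
            raise ValueError(f"malformed attribute at offset {pos}")
        name, length, start = m.group(1), int(m.group(2)), m.end()
        value = text[start:start + length]
        pos = start + length
        # Reject a short value or a length that ends mid-token.
        if len(value) != length or (pos < len(text) and text[pos] != " "):
            raise ValueError(f"length mismatch for attribute {name!r}")
        attrs[name] = value
    return attrs


def parse_screen_log(line):
    """Return a dict for an RT_SCREEN-style line, or None for unrelated lines."""
    m = LOG_HEAD.search(line)
    if not m or MARKER not in line:
        return None
    event = {"log": m.group(1), "module": m.group(2), "severity": int(m.group(3))}
    event.update(parse_attribute_list(line.split(MARKER, 1)[1]))
    return event


if __name__ == "__main__":
    for key, value in parse_screen_log(SAMPLE).items():
        print(f"{key:20} {value}")
```

Reading values by their declared length, rather than splitting on spaces, is what keeps `Port scan!` intact as one attack name.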