[j-nsp] Screening logs on SRX

Ben Dale bdale at comlinx.com.au
Tue Sep 7 19:45:48 EDT 2010


You aren't the only ones!

Fortunately the "screen logs" feature is being introduced in JUNOS 10.4 which will log when a screen threshold is reached:

Sep  8 09:43:31 rtlogd: receives log RT_SCREEN_TCP from RT_IDS at severity 3, miscellaneous string=Port scan! source: 172.16.10.23:54326, destination: 172.16.10.254:712, zone name: LAN, interface name: vlan.10, action: drop, attribute-list=attack-name 10 Port scan! source-address 12 172.16.10.23 source-port 5 54326 destination-address 13 172.16.10.254 destination-port 3 712 source-zone-name 3 LAN interface-name 7 vlan.10 action 4 drop



On 08/09/2010, at 5:41 AM, Jérôme Fleury wrote:

> Hi Fahad,
> 
> That's a good question. I've been searching for a long time, and could
> not find either... I'm not even able to see them on my STRM, which
> completely defeats the purpose of this appliance.
> 
> On Tue, Sep 7, 2010 at 12:02, Fahad Khan <fahad.khan at gmail.com> wrote:
>> Hi Folks,
>> 
>> Can somebody tell me how I can see the logs of the attack packets
>> generated by some source for, let's say, "port scan", "IP spoof" etc.?
>> 
>> Thanks in adv,
>> 
>> regards,
>> 
>> Muhammad Fahad Khan
>> JNCIP - M/T # 834
>> IT Specialist
>> Global Technology Services, IBM
>> fahad at pk.ibm.com
>> +92-301-8247638
>> Skype: fahad-ibm
>> http://pk.linkedin.com/in/muhammadfahadkhan
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> 
> 