[j-nsp] Screening logs on SRX
Crist Clark
Crist.Clark at globalstar.com
Tue Sep 7 20:27:14 EDT 2010
Which will show up in the NSM logs as a semi-useless "Self log"
like PFE_FW_SYSLOG_IP messages or actually be parsed?
On 9/7/2010 at 4:45 PM, Ben Dale <bdale at comlinx.com.au> wrote:
> You aren't the only ones!
>
> Fortunately the "screen logs" feature is being introduced in JUNOS 10.4
> which will log when a screen threshold is reached:
>
> Sep 8 09:43:31 rtlogd: receives log RT_SCREEN_TCP from RT_IDS at severity 3, miscellaneous string=Port scan! source: 172.16.10.23:54326, destination: 172.16.10.254:712, zone name: LAN, interface name: vlan.10, action: drop, attribute-list=attack-name 10 Port scan! source-address 12 172.16.10.23 source-port 5 54326 destination-address 13 172.16.10.254 destination-port 3 712 source-zone-name 3 LAN interface-name 7 vlan.10 action 4 drop
>
>
>
> On 08/09/2010, at 5:41 AM, Jérôme Fleury wrote:
>
>> Hi Fahad,
>>
>> that's a good question. I've been searching for a long time, and could
>> not find either... I'm not even able to see them on my STRM, which
>> defeats completely the purpose of this appliance.
>>
>> On Tue, Sep 7, 2010 at 12:02, Fahad Khan <fahad.khan at gmail.com> wrote:
>>> Hi Folks,
>>>
>>> Can somebody tell me how I can see the logs of the attack packets
>>> generated by some source for, let's say, "port scan", "IP spoof" etc.?
>>>
>>> Thanks in adv,
>>>
>>> regards,
>>>
>>> Muhammad Fahad Khan
>>> JNCIP - M/T # 834
>>> IT Specialist
>>> Global Technology Services, IBM
>>> fahad at pk.ibm.com
>>> +92-301-8247638
>>> Skype: fahad-ibm
>>> http://pk.linkedin.com/in/muhammadfahadkhan
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>