[j-nsp] Screening logs on SRX
Jérôme Fleury
jerome at fleury.net
Wed Sep 8 03:33:17 EDT 2010
Thanks Ben,
eagerly waiting for it. But 10.4 seems so far away right now ;)
On Wed, Sep 8, 2010 at 01:45, Ben Dale <bdale at comlinx.com.au> wrote:
>
> You aren't the only ones!
>
> Fortunately the "screen logs" feature is being introduced in JUNOS 10.4 which will log when a screen threshold is reached:
>
> Sep 8 09:43:31 rtlogd: receives log RT_SCREEN_TCP from RT_IDS at severity 3, miscellaneous string=Port scan! source: 172.16.10.23:54326, destination: 172.16.10.254:712, zone name: LAN, interface name: vlan.10, action: drop, attribute-list=attack-name 10 Port scan! source-address 12 172.16.10.23 source-port 5 54326 destination-address 13 172.16.10.254 destination-port 3 712 source-zone-name 3 LAN interface-name 7 vlan.10 action 4 drop
>
>
>
> On 08/09/2010, at 5:41 AM, Jérôme Fleury wrote:
>
>> Hi Fahad,
>>
>> that's a good question. I've been searching for a long time, and could
>> not find them either... I'm not even able to see them on my STRM, which
>> completely defeats the purpose of this appliance.
>>
>> On Tue, Sep 7, 2010 at 12:02, Fahad Khan <fahad.khan at gmail.com> wrote:
>>> Hi Folks,
>>>
>>> Can somebody tell me how I can see the logs of the attack packets
>>> generated by some source for, let's say, "port scan", "IP spoof" etc.?
>>>
>>> Thanks in adv,
>>>
>>> regards,
>>>
>>> Muhammad Fahad Khan
>>> JNCIP - M/T # 834
>>> IT Specialist
>>> Global Technology Services, IBM
>>> fahad at pk.ibm.com
>>> +92-301-8247638
>>> Skype: fahad-ibm
>>> http://pk.linkedin.com/in/muhammadfahadkhan
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>>
>
>
>