[j-nsp] Screening logs on SRX

Fahad Khan fahad.khan at gmail.com
Wed Sep 8 03:37:02 EDT 2010


JTAC told me to look in the messages files ... I have not tested it yet. Is
that so? I am using 10.0R3.10.

regards,

Muhammad Fahad Khan
JNCIP - M/T # 834
IT Specialist
Global Technology Services, IBM
fahad at pk.ibm.com
+92-301-8247638
Skype: fahad-ibm
http://pk.linkedin.com/in/muhammadfahadkhan


On Wed, Sep 8, 2010 at 12:33 PM, Jérôme Fleury <jerome at fleury.net> wrote:

> Thanks Ben,
>
> eagerly waiting for it. But 10.4 seems so far away right now ;)
>
> On Wed, Sep 8, 2010 at 01:45, Ben Dale <bdale at comlinx.com.au> wrote:
> >
> > You aren't the only ones!
> >
> > Fortunately the "screen logs" feature is being introduced in JUNOS 10.4 which will log when a screen threshold is reached:
> >
> > Sep  8 09:43:31 rtlogd: receives log RT_SCREEN_TCP from RT_IDS at severity 3, miscellaneous string=Port scan! source: 172.16.10.23:54326, destination: 172.16.10.254:712, zone name: LAN, interface name: vlan.10, action: drop, attribute-list=attack-name 10 Port scan! source-address 12 172.16.10.23 source-port 5 54326 destination-address 13 172.16.10.254 destination-port 3 712 source-zone-name 3 LAN interface-name 7 vlan.10 action 4 drop
> >
> >
> >
> > On 08/09/2010, at 5:41 AM, Jérôme Fleury wrote:
> >
> >> Hi Fahad,
> >>
> >> that's a good question. I've been searching for a long time, and could
> >> not find them either... I'm not even able to see them on my STRM, which
> >> completely defeats the purpose of this appliance.
> >>
> >> On Tue, Sep 7, 2010 at 12:02, Fahad Khan <fahad.khan at gmail.com> wrote:
> >>> Hi Folks,
> >>>
> >>> Can somebody tell me how I can see the logs of the attack packets
> >>> generated by some source for, let's say, "port scan", "IP spoof", etc.?
> >>>
> >>> Thanks in adv,
> >>>
> >>> regards,
> >>>
> >>> Muhammad Fahad Khan
> >>> JNCIP - M/T # 834
> >>> IT Specialist
> >>> Global Technology Services, IBM
> >>> fahad at pk.ibm.com
> >>> +92-301-8247638
> >>> Skype: fahad-ibm
> >>> http://pk.linkedin.com/in/muhammadfahadkhan
> >>> _______________________________________________
> >>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>>
> >
> >
> >
>

