Junos OS

Hi,

Does any version of Junos Enhanced Service running on j-series support:

1)  Ability to view log passing per policy similar to screenOS GUI

2)  Ability to sent traffic log to NSM (similar to screenOS firewall)

Regards,

Haze

Hi,

just to update the post that i can see the feature of logging per policy in GUI in Junos version 10.0R3.10

Don't know if it works....will test  and update thread.

Regards,

Haze

Hi,

To update my own post....

Answer to

1) Junos web device manager does not support viewing traffic logs per policy similar to screen OS as of date of this post. It appears as if it supported in the webUI from 10.0 onwards but it does not work. I clarified this with JTAC. They might be having it working in some future release

2) Traffic logs can be seen in NSM from Junos (thanks to Dominik)

 

Regards,

Haze

 

Hazeen, You can view the log by following KB19490 http://kb.juniper.net/InfoCenter/index?page=content&id=KB19490&actp=RSS# Make sure you follow the step listed Go to Monitor Tab -> Events and alarms -> Security events -> click Configure log (it will to the right of the clear button of the view policy field)

Logging per policy works just fine - the variables of session-init and session-close can be used and update the syslog file (depending on log level selected under syslog settings).

Hi,

But any idea if i can see traffic logs in nsm for Junos?

Regards,

Haze

Hi,

 

could you please verify if your JUNOS devices includes the following statement in its configuration:

 

set system syslog file default-log-messages any any
set system syslog file default-log-messages structured-data

Regards,

Dominik

Haze - yes NSM will gather and report all log data from an SRX box. A couple of things worth noting:

 

1- As Dominick said you will need to configure a specific log file for the NSM server to read. This log file (default-log-messages) is what the NSM server reads. The choice of facility and log level will determine what gets pushed into NSM. For troubleshooting I would start with "any any" - you also have to have the second line (structured-data) so that the messages are formatted so that the NSM server can read them.

 

2- Then apply the standard term "set then log session-init (close) for the policy you want to have traffic logged for.

 

This works just fine - I do it on my boxes.

 

I will also say that I am running 2010.2 with various flavors of 10.0, 10.1 on the SRX/EX/J-Series boxes. Can't say how well it all works on prior releases.

 

Let me know if you have any other questions.