Visitor
martijnh
Posts: 1
Registered: ‎11-11-2010

Logging of firewall filter doesn't work

Hi,

On a T640 I have made a firewall filter, with logging on some terms.
I can see the hits on the router with show firewall log detail.
But when I tried to send this to a syslog server, it won't work.
Other messages that are sent to the syslog do work.
Also, the messages don't go to a file.

set system syslog host 10.11.7.3 firewall any

set system syslog file firewall firewall any
set system syslog file firewall archive size 1m
set system syslog file firewall archive files 1

set firewall filter wan-in term drop then count smtp-drop
set firewall filter wan-in term drop then log
set firewall filter wan-in term drop then sample
set firewall filter wan-in term drop then reject

Recognized Expert
benb
Posts: 205
Registered: ‎11-05-2007

Re: Logging of firewall filter doesn't work

Try changing your log action to syslog. The log action only logs the packet header to a buffer in the PFE. If you are not doing traffic sampling, you can also remove the sample action. This is not required to send the output to syslog.

Also note that specifying multiple terminating actions can cause some of the actions to not be processed. Log and reject are both terminating actions.

Here is a link you might find helpful.

http://www.juniper.net/techpubs/en_US/junos10.3/topics/usage-guidelines/policy-configuring-actions-i...

Ben
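
An added example, not part of the original posts and not Juniper tooling: a small Python check over set-format configuration, such as the lines posted in the question, that flags filter terms using `log` without `syslog`, and `syslog` terms with no destination accepting the firewall facility. The function name and regular expressions are assumptions of this sketch, and syslog severity levels are not checked.

```python
import re

# Constructed sample: the set-format lines posted in the question above.
SAMPLE_CONFIG = """\
set system syslog host 10.11.7.3 firewall any
set system syslog file firewall firewall any
set firewall filter wan-in term drop then count smtp-drop
set firewall filter wan-in term drop then log
set firewall filter wan-in term drop then sample
set firewall filter wan-in term drop then reject
"""

# Hypothetical patterns for this sketch; they cover only the statement
# forms that appear in the thread.
TERM_RE = re.compile(r"^set firewall filter (\S+) term (\S+) then (\S+)")
DEST_RE = re.compile(r"^set system syslog (host|file) (\S+) (firewall|any) \S+")


def audit_firewall_logging(config_text):
    """Return (syslog_destinations, findings) for a set-format config."""
    actions = {}       # (filter, term) -> set of 'then' actions
    destinations = []  # syslog hosts/files taking facility firewall or any
    for line in config_text.splitlines():
        line = line.strip()
        m = TERM_RE.match(line)
        if m:
            actions.setdefault((m.group(1), m.group(2)), set()).add(m.group(3))
            continue
        m = DEST_RE.match(line)
        if m:
            destinations.append((m.group(1), m.group(2)))
    findings = []
    for (flt, term), acts in sorted(actions.items()):
        if "log" in acts and "syslog" not in acts:
            findings.append(
                f"{flt}/{term}: 'log' only fills the PFE buffer; add 'then syslog'")
        if "syslog" in acts and not destinations:
            findings.append(
                f"{flt}/{term}: 'syslog' set but no destination takes facility firewall")
    return destinations, findings


if __name__ == "__main__":
    for finding in audit_firewall_logging(SAMPLE_CONFIG)[1]:
        print(finding)
```
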
