Hi all,
I have two SRX3600 in an active/passive cluster configuration. I have enabled screen under security options and now I'm tryng to log the messages it generates to a file.
I have configured the following per Juniper document
syslog {
archive size 128k files 50 world-readable;
user * {
any emergency;
}
file messages {
any warning;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
file interface_logs {
any any;
match UpDown;
}
file IDS_messages {
any any;
match RT_SCREEN;
}
}
The trouble is I'm not seeing any logs being generated by the screen. I do see that the statistics for the screen on the active node are going up but I see no logs being generated.
# run show security screen statistics zone outside node 1
node1:
--------------------------------------------------------------------------
Screen statistics:
IDS attack type Statistics
ICMP flood 144761
UDP flood 22615
TCP winnuke 0
TCP port scan 962
ICMP address sweep 0
TCP sweep 301039
UDP sweep 8336
IP tear drop 0
TCP SYN flood 392134
IP spoofing 2241630
ICMP ping of death 0
IP source route option 0
TCP land attack 0
TCP SYN fragment 0
TCP no flag 1335
IP unknown protocol 38
IP bad options 0
IP record route option 0
IP timestamp option 0
IP security option 0
IP loose source route option 0
IP strict source route option 0
IP stream option 0
ICMP fragment 0
ICMP large packet 105
TCP SYN FIN 0
TCP FIN no ACK 369687
Source session limit 0
TCP SYN-ACK-ACK proxy 0
IP block fragment 96640
Destination session limit 0
Can anyone help me with configuring this?