SRX Services Gateway

Traffic log filtering

07-26-2013 12:47 AM

Based on this KB

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16509

I can configure the branch box for SRX logging through the Junos CLI. How should I filter the log for a particular policy in order to troubleshoot?

Currently, when I display the traffic-log file it throws all the logs it has. Is there a way I can filter the log based on policy, or say source address, destination address, protocol, etc.?


Re: Traffic log filtering

07-26-2013 10:41 AM

You can use the "match" command in your syslog definition. So something like this:

set system syslog file policy-log user info [Will capture policy session info (create, close, deny)]

set system syslog file policy-log match "syntax for matching here" [i.e. match on an IP addr or a policy name]

This works just fine. The first line captures all of the session info based on your policy log statement(s) (session-init, session-close). The second filters what is written to the file based on the match criteria.

So you could have one log per policy, as an example.

Don't have direct access to an SRX right now, so I can't give you examples of the match syntax, but it is pretty straightforward.

Hope this helps.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
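Once the session messages are in a file, the same selection the on-box "match" statement performs can be done offline against an exported log. The following script is an added example (not from this thread, nor Juniper's own code): it parses RT_FLOW_SESSION_* lines in Junos structured-syslog form and filters them by policy name, source or destination address, or protocol; the sample lines are constructed and the field names are assumed from the structured-data layout of those messages.

```python
import re
from typing import Dict, Iterable, List, Optional

# Constructed sample lines (not from the post) in Junos structured-syslog form.
# Field names (source-address, policy-name, protocol-id, ...) are assumed from
# the RT_FLOW_SESSION_* structured-data layout.
SAMPLE_LOG = """\
Jul 26 00:47:01 srx RT_FLOW: RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.36 source-address="10.1.1.10" source-port="51000" destination-address="192.0.2.20" destination-port="443" service-name="junos-https" protocol-id="6" policy-name="allow-web" source-zone-name="trust" destination-zone-name="untrust" session-id-32="1001"]
Jul 26 00:47:02 srx RT_FLOW: RT_FLOW_SESSION_DENY [junos@2636.1.1.1.2.36 source-address="10.1.1.11" source-port="51001" destination-address="192.0.2.21" destination-port="23" service-name="junos-telnet" protocol-id="6" policy-name="default-deny" source-zone-name="trust" destination-zone-name="untrust"]
Jul 26 00:47:03 srx RT_FLOW: RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.36 source-address="10.1.1.10" source-port="51002" destination-address="192.0.2.53" destination-port="53" service-name="junos-dns-udp" protocol-id="17" policy-name="allow-dns" source-zone-name="trust" destination-zone-name="untrust" session-id-32="1002"]
"""

# Event name, then the structured-data block up to the closing bracket.
EVENT_RE = re.compile(r"(RT_FLOW_SESSION_[A-Z_]+) \[junos@[^ ]+ (.*)\]$")
# key="value" pairs inside the structured-data block.
KV_RE = re.compile(r'([\w-]+)="([^"]*)"')


def parse_flow_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one RT_FLOW session line (plus 'event'), or None
    for lines that are not session messages."""
    m = EVENT_RE.search(line.rstrip())
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group(2)))
    fields["event"] = m.group(1)
    return fields


def filter_flow_log(lines: Iterable[str], **criteria: str) -> List[Dict[str, str]]:
    """Keep session events whose fields equal every given criterion, e.g.
    policy_name="allow-web" or source_address="10.1.1.10" (underscores in the
    keyword names map to the hyphens used by the log fields)."""
    wanted = {k.replace("_", "-"): v for k, v in criteria.items()}
    matches = []
    for line in lines:
        rec = parse_flow_line(line)
        if rec and all(rec.get(k) == v for k, v in wanted.items()):
            matches.append(rec)
    return matches


if __name__ == "__main__":
    # Everything one host did, the way "match" on a source address would select it.
    for rec in filter_flow_log(SAMPLE_LOG.splitlines(), source_address="10.1.1.10"):
        print(rec["event"], rec["policy-name"], rec["destination-address"], rec["protocol-id"])
```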

Re: Traffic log filtering

07-26-2013 03:08 PM

Additionally, here are some other debugging options.

set security flow traceoptions file DebugTraffic
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter MatchTraffic source-prefix x.x.x.x/32 destination-prefix y.y.y.y/32
set security flow traceoptions packet-filter MatchTrafficReverse source-prefix y.y.y.y/32 destination-prefix x.x.x.x/32

set security policies traceoptions file PolicyLookup
set security policies traceoptions file match <match_condition>
set security policies traceoptions flag lookup
set security policies traceoptions flag rules
set security policies traceoptions flag configuration

KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit.