SRX Services Gateway

how to check deny traffic log in cli and webui

‎12-24-2019 08:47 AM

Hi,

We have configured the security policy below, but we are not getting deny logs for the source IP.

 

set security policies from-zone External to-zone DMZ policy DenyALL match source-address any-ipv4
set security policies from-zone External to-zone DMZ policy DenyALL match destination-address any
set security policies from-zone External to-zone DMZ policy DenyALL match application any
set security policies from-zone External to-zone DMZ policy DenyALL then deny
set security policies from-zone External to-zone DMZ policy DenyALL then log session-init
set security policies from-zone External to-zone DMZ policy DenyALL then log session-close


set system syslog file Denied-Traffic any any
set system syslog file Denied-Traffic match RT_FLOW_SESSION_DENY

 

Please suggest which command will help me get the "deny" logs in the CLI as well as the WebUI.

Please suggest if any additional config is required.

 

Thanks in advance...

Solution
Accepted by topic author Target
‎12-26-2019 09:26 AM

Re: how to check deny traffic log in cli and webui

‎12-24-2019 08:57 AM

Hi Target,

 

1. The "then log session-close" statement is not needed. The option used to log the traffic being denied is "then log session-init".

 

2. Set the security logging mode to "event":

 

# set security log mode event
# commit

 

3. If after the above changes you are still not seeing the logs, try with a broader match statement in the syslog file:

 

# set system syslog file Denied-Traffic match RT_FLOW
# commit
# run show log Denied-Traffic

 

 

 

Pura Vida from Costa Rica - Mark as Resolved if it applies.
Kudos are appreciated too!
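
Once step 3 broadens the match to RT_FLOW, the Denied-Traffic file also collects other RT_FLOW events. The following is an added example (not part of the original thread and not Juniper code) that filters a copy of that file down to RT_FLOW_SESSION_DENY records and counts denied sessions per source IP. The message layout in the regex and the sample lines are constructed assumptions, since the field order varies by Junos release.

```python
import re
from collections import Counter

# Assumed layout (field order varies by Junos release; the 0x.. tag is optional):
#   RT_FLOW_SESSION_DENY: session denied SRC/SPORT->DST/DPORT [0xTAG] SERVICE
#   PROTO(ICMP-TYPE) POLICY FROM-ZONE TO-ZONE ...
DENY_RE = re.compile(
    r"RT_FLOW_SESSION_DENY: session denied "
    r"(?P<src>[0-9a-fA-F.:]+)/(?P<sport>\d+)->(?P<dst>[0-9a-fA-F.:]+)/(?P<dport>\d+) "
    r"(?:0x[0-9a-fA-F]+ )?"
    r"(?P<service>\S+) (?P<proto>\d+)\(\d+\) "
    r"(?P<policy>\S+) (?P<from_zone>\S+) (?P<to_zone>\S+)"
)

# Constructed sample lines (documentation address ranges), not real device output.
SAMPLE_LOG = """\
Dec 24 09:01:11 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 203.0.113.7/40112->198.51.100.10/22 junos-ssh 6(0) DenyALL External DMZ UNKNOWN UNKNOWN N/A(N/A) ge-0/0/0.0 UNKNOWN policy deny
Dec 24 09:01:12 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 203.0.113.7/40113->198.51.100.10/23 junos-telnet 6(0) DenyALL External DMZ UNKNOWN UNKNOWN N/A(N/A) ge-0/0/0.0 UNKNOWN policy deny
Dec 24 09:01:13 srx RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.0.2.20/51000->192.0.2.53/53 (constructed, remainder omitted)
Dec 24 09:01:14 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 203.0.113.99/5353->198.51.100.10/53 0x0 junos-dns-udp 17(0) DenyALL External DMZ UNKNOWN UNKNOWN N/A(N/A) ge-0/0/0.0 UNKNOWN policy deny
"""


def parse_denies(text):
    """Return one dict per RT_FLOW_SESSION_DENY line; other RT_FLOW events are skipped."""
    return [m.groupdict() for m in map(DENY_RE.search, text.splitlines()) if m]


def denies_by_source(text, policy=None):
    """Count denied sessions per source IP, optionally limited to one policy name."""
    return Counter(
        d["src"] for d in parse_denies(text)
        if policy is None or d["policy"] == policy
    )


if __name__ == "__main__":
    # Print the noisiest denied sources for the DenyALL policy from the thread.
    for src, hits in denies_by_source(SAMPLE_LOG, "DenyALL").most_common():
        print(f"{src}\t{hits}")
```

To use it on real data, pass the text of a copied Denied-Traffic file in place of SAMPLE_LOG and adjust the regex if your release orders the fields differently.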