SRX Services Gateway

security log filtering for IPv6 addresses...

‎12-20-2011 07:57 PM

...does not appear to be working.

 

If you've enabled 'set security log cache <value>' then you'll see that you can view traffic logs with the command 'show security log' with the number of total security events equal to or less than the cache value. You'll also notice there are some great filtering options for this command.

admin@srx100h> show security log ?
Possible completions:
  <[Enter]>            Execute this command
  ascending            Sort in ascending order
  descending           Sort in descending order
  destination-address  Destination address and optional prefix length
  destination-port     Destination port
  detail               Show detail alarm information
  event-id             Event ID filter
  failure              Event was a failure
  interface-name       Name of interface
  newer-than           Events newer than filter (YYYY-MM-DD.HH:MM:SS)
  older-than           Events older than filter (YYYY-MM-DD.HH:MM:SS)
  process              Process that generated the event
  protocol             Protocol filter
  severity             Severity of the event
  sort-by              Sort by selected field
  source-address       Source address and optional prefix length
  source-port          Source port
  success              Event was successful
  username             Username filter
  |                    Pipe through a command

But notice the difference in data for IPv4 vs IPv6 traffic below (yes, I have a functional dual-stack network with he.net as my tunnel broker service).

admin@srx100h> show security log | match 2001:470:e0bb | count
Count: 35 lines

admin@srx100h> show security log source-address 2001:470:e0bb::/48
No security events were logged matching this filter

admin@srx100h> show security log | match 192.168.13. | count
Count: 338 lines

admin@srx100h> show security log source-address 192.168.13.0/24 | count
Count: 340 lines

 

Can anyone from Juniper confirm a limitation with filtering IPv6 addresses in the security log?

3 REPLIES

Re: security log filtering for IPv6 addresses...

‎01-18-2012 06:14 PM

Those running IPv6...try this out and respond back please.


Re: security log filtering for IPv6 addresses...

‎01-20-2012 12:20 PM

I haven't used this particular feature (I syslog via IPv6 to an Ubuntu server), but I'll enable it, play around, and get back with you on what I find.

I assume this is on SRX100H (based on hostname). What JunOS version are you running?

Thanks,

Joel


Re: security log filtering for IPv6 addresses...

‎02-24-2012 03:01 PM

Hi, thanks, 11.4R1.6
