SRX Services Gateway
Highlighted
SRX Services Gateway

user logging

‎07-24-2019 01:40 AM

Hi All,

 

How can check which user added the security policy in SRX firewall ? I  Know the date but not sure which user added the policy ?

 

Thank You.!

3 REPLIES 3
Highlighted
SRX Services Gateway

Re: user logging

‎07-24-2019 01:56 AM
Hi vinaypuntambekar,

1. If you are logging the interactive commands then you can check the syslog file and see who ran what commands

In the below config , we are logging all the interactive commands in the file interactive-commands
Configuration :

set system syslog file interactive-commands interactive-commands


2. Also you can check the output of “show system commit” and it will show you show did what commits at what time.

show system commit
0 2019-07-02 01:30:32 CDT by labroot via cli commit synchronize
1 2019-07-02 01:28:58 CDT by labroot via cli commit synchronize
2 2019-07-02 01:27:16 CDT by labroot via cli commit synchronize
3 2019-07-02 01:25:36 CDT by labroot via cli commit synchronize
4 2019-07-02 01:23:53 CDT by labroot via cli commit synchronize

Once you know the number, you can use the below command to see what changes were made to verify the change. But this output only has last 49 commit outputs.

show system rollback compare 0 1

Regards,
Jibu
Highlighted
SRX Services Gateway

Re: user logging

‎07-25-2019 05:07 AM

Thanks Jibut, but unfortunalty it only shows only 49 commits done..

Highlighted
SRX Services Gateway

Re: user logging

‎07-25-2019 10:05 AM

Hi Vinay,

 

As Jibut mentioned, the "show system commit" is limited to 49. So, what you're seeing is the maximum commit history.

 

> Apart from that, you can use interactive commands to view the changes that have been made on the SRX. For more information, please refer to the following KB article - https://kb.juniper.net/InfoCenter/index?page=content&id=KB30458

 

> Also, you can send the above Syslog to the external Syslog server as well(e.g. Junos Space or others).

 

> If the device is managed by Junos space then we can view on the Junos space device.

 

If you didn't have any of the above 4 options configured, then it is not possible to retrieve the commit history.



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Feedback