symmetric crypto key has been generated successfully.
2013-01-05 15:03:17 system info 00536 IKE 194.39.131.166: Phase 2 msg ID
a6000770: Received responder lifetime 2.2.4
1.9 Viewing the event log (JunOS)
With the default configuration, the SRX firewall's log file is named messages. The command to view it is: show log messages
Example:
root> show log messages
Nov 11 15:25:03 cron[1174]: (root) CMD ( /usr/libexec/atrun)
Nov 11 15:27:26 rpd[1098]: Decode ifd sp-0/0/0 index 135: ifdm_flags 0xc010
Nov 11 15:27:26 rpd[1098]: krt_inherit_ifd_aps_flags sp-0/0/0 index 135: <> from self
Nov 11 15:30:03 cron[1179]: (root) CMD ( /usr/libexec/atrun)
Nov 11 15:30:03 cron[1180]: (root) CMD (newsyslog)
Nov 11 15:35:02 cron[1185]: (root) CMD ( /usr/libexec/atrun)
Nov 11 15:36:49 mgd[1160]: UI_CMDLINE_READ_LINE: User 'root', command 'show configuration '
Nov 11 15:37:28 rpd[1098]: Decode ifd ge-0/0/0 index 133: ifdm_flags 0xc001
Nov 11 15:37:28 rpd[1098]: krt_inherit_ifd_aps_flags ge-0/0/0 index 133: <> from self
Nov 11 15:37:28 rpd[1098]: EVENT
Nov 11 15:37:28 rpd[1098]: EVENT UpDown ge-0/0/0.0 index 69 192.168.36.154/24 -> 192.168.36.255
Nov 11 15:37:28 rpd[1098]: EVENT
Nov 11 15:37:28 mib2d[1097]: SNMP_TRAP_LINK_DOWN: ifIndex 506, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/0
Nov 11 15:37:30 rpd[1098]: Cancelling deferral ge-0/0/0 index 133 -> ge-0/0/0 index 133
Nov 11 15:37:30 /kernel: if_msg_ifl_addr_del 69 0xc570f856 0xc570f86a 24 0x3
Nov 11 15:37:30 rpd[1098]: EVENT Delete ge-0/0/0.0 index 69 192.168.36.154/24 -> 192.168.36.255
Nov 11 15:37:30 rpd[1098]: Decode ifd sp-0/0/0 index 135: ifdm_flags 0xc010
Nov 11 15:37:30 rpd[1098]: krt_inherit_ifd_aps_flags sp-0/0/0 index 135: <> from self
Nov 11 15:37:30 USP_IF_TOOLKIT: DETACH: ifl_index 69, flags 0, localaddr 0x66f64b17 local_plen 32
Nov 11 15:37:30 IFP trace> ifp_ifa_add_del_event: ifp_ifa_add_del_event: ge-0/0/0, op 3, msg->ifl_index 69, msg->proto 2
Nov 11 15:37:30 IFP trace> ifp_ifa_del: ifp_ifa_del : ge-0/0/0, msg->ifl_index 69 local prefix 2586093760/32, dest prefix 2402496/24
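Added example (not part of the original manual): a small Python filter that pulls two kinds of lines out of `show log messages` output, operator commands recorded by mgd (UI_CMDLINE_READ_LINE) and interface link-down traps from mib2d. The sample lines are copied from the output above; the function and variable names are this example's own.

```python
import re

# Lines copied from the `show log messages` output on this page.
SAMPLE = """\
Nov 11 15:35:02 cron[1185]: (root) CMD ( /usr/libexec/atrun)
Nov 11 15:36:49 mgd[1160]: UI_CMDLINE_READ_LINE: User 'root', command 'show configuration '
Nov 11 15:37:28 rpd[1098]: EVENT UpDown ge-0/0/0.0 index 69 192.168.36.154/24 -> 192.168.36.255
Nov 11 15:37:28 mib2d[1097]: SNMP_TRAP_LINK_DOWN: ifIndex 506, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/0
Nov 11 15:37:30 /kernel: if_msg_ifl_addr_del 69 0xc570f856 0xc570f86a 24 0x3
Nov 11 15:37:30 IFP trace> ifp_ifa_del: ifp_ifa_del : ge-0/0/0, msg->ifl_index 69 local prefix 2586093760/32, dest prefix 2402496/24
"""

# "<Mon DD HH:MM:SS> <process>[pid]: <message>"; the pid is optional (/kernel has none).
LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
                     r"(?P<proc>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
CMD_RE = re.compile(r"^UI_CMDLINE_READ_LINE: User '(?P<user>[^']*)', command '(?P<cmd>.*)'\s*$")
LINK_RE = re.compile(r"^SNMP_TRAP_LINK_DOWN: .*\bifName (?P<ifname>\S+)")

def triage(text):
    """Split `show log messages` text into operator commands and link-down traps."""
    commands, link_downs = [], []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # trace lines such as "IFP trace> ..." lack the process prefix
        # Match each tag only in lines from the daemon that emits it, so the same
        # text quoted inside another process's message is not counted.
        if line["proc"] == "mgd" and (m := CMD_RE.match(line["msg"])):
            commands.append({"ts": line["ts"], "user": m["user"],
                             "command": m["cmd"].strip()})
        elif line["proc"] == "mib2d" and (m := LINK_RE.match(line["msg"])):
            link_downs.append({"ts": line["ts"], "ifname": m["ifname"]})
    return commands, link_downs

if __name__ == "__main__":
    cmds, downs = triage(SAMPLE)
    for c in cmds:
        print(f"{c['ts']}  {c['user']} ran: {c['command']}")
    for d in downs:
        print(f"{d['ts']}  link down: {d['ifname']}")
```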
Juniper Firewall Daily Maintenance Manual v20131112, page 29 of 59
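1.10 Viewing policy traffic logs
(1) ScreenOS
CLI command: get log traffic
From the CLI, get log traffic can display the traffic log filtered by policy, time, IP address, port and so on. The command options are: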
JP1000A -> get log traffic
>                  redirect output
|                  match output
detail             log detail level
dst-ip             show traffic to destination IPs
dst-port           show traffic to destination ports
end-date           stop date
end-time           stop time
in-interface       show traffic according to in interface
max-duration       max duration
min-duration       min duration
no-rule-displayed  not show rule info
out-interface      show traffic according to out interface
policy             show traffic under policies
protocol           show traffic to protocol
service            show traffic under any service
sort-by            show sorted traffic log
src-ip             show traffic from source IPs
src-port           show traffic from source ports
start-date         start date
start-time         start time
Example:
JP1000A-> get log traffic policy 30003
PID 30003, from Trust to DMZ, src MFT-GW-G, dst MFT-SR-G, service TCP-6810 TCP-6811, action Permit
Total traffic entries matched under this policy = 249
==============================================================================================
Date Time Duration Source IP Port Destination IP Port Service SessionID
  Reason Xlated Src IP Port Xlated Dst IP Port ID
==============================================================================================
2012-10-04 12:08:38 973:12:41 10.1.44.72 7039 10.254.253.11 6811 TCP PORT 6811 524020
  Close - NSRP 10.1.44.72 7039 10.254.253.11 6811
2012-10-04 12:08:38 973:12:41 10.1.44.72 7034 10.254.253.11 6811 TCP PORT 6811 523936
  Close - NSRP 10.1.44.72 7034 10.254.253.11 6811
2012-10-04 12:08:38 973:12:42 10.1.44.72 7001 10.254.253.11 6811 TCP PORT 6811 523983
  Close - NSRP 10.1.44.72 7001 10.254.253.11 6811
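(2) JunOS
With the default configuration, the SRX firewall does not record policy traffic logs. In J-Web, under Monitor > Event and Alarms > Security Events, click [Create log configuration] to create the required configuration automatically. The configuration commands are: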
set system syslog file policy_session user info
set system syslog file policy_session match RT_FLOW_SESSION
set system syslog file policy_session archive size 10m
set system syslog file policy_session archive files 3
set system syslog file policy_session archive world-readable
set system syslog file policy_session structured-data
set security log mode event    (required on high-end products)
set security log event-rate 1000
set security log format sd-syslog
In CLI operational mode the command is: show log policy_session
Example:
root> show log policy_session
<14>1 2013-11-11T16:12:31.029Z - RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.96 reason=\Timeout\source-address=\source-port=\destination-address=\destination-port=\service-name=\nat-source-address=\nat-source-port=\nat-destination-address=\nat-destination-port=\src-nat-rule-name=\dst-nat-rule-name=\protocol-id=\policy-name=\source-zone-name=\destination-zone-name=\session-id-32=\packets-from-client=\bytes-from-client=\packets-from-server=\bytes-from-server=\elapsed-time=\application=\nested-application=%username=\roles=\packet-incoming-interface=\encrypted=\session closed idle Timeout: 192.168.36.1/4864->192.168.168.168/256 icmp 192.168.36.1/4864->192.168.168.168/256 None None 1 default-permit trust untrust 760 0(0) 0(0) 1 UNKNOWN UNKNOWN N/A(N/A) ge-0/0/0.0 UNKNOWN
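Added example (not part of the original manual): a Python parser for the structured-data (sd-syslog) RT_FLOW_SESSION lines that the configuration above writes to policy_session, summarising closed sessions and bytes per policy. The key names come from the output above; the sample lines and their values are constructed for illustration, and the function names are this example's own.

```python
import re
from collections import defaultdict

# RFC 5424 header fields as they appear on this page, then the structured-data element.
HEADER_RE = re.compile(r'^<\d{1,3}>1 (?P<ts>\S+) \S+ \S+ \S+ (?P<msgid>\S+) '
                       r'\[[^\s=\]"]+(?P<rest>.*)$')
# One ` name="value"` pair; inside a value only \" \\ and \] are escapes.
PARAM_RE = re.compile(r' ([^\s=\]"]+)="((?:[^"\\]|\\.)*)"')
UNESCAPE_RE = re.compile(r'\\(["\\\]])')

def parse_rt_flow(line):
    """Return {'ts', 'msgid', 'params'} for an RT_FLOW_SESSION_* line, else None."""
    m = HEADER_RE.match(line.strip())
    if not m or not m["msgid"].startswith("RT_FLOW_SESSION"):
        return None
    rest, pos, params = m["rest"], 0, {}
    # Consume pairs in order so parsing stops at the closing bracket: key="value"
    # text in the free-form message after it is never read as a field.
    while (p := PARAM_RE.match(rest, pos)):
        params[p[1]] = UNESCAPE_RE.sub(r"\1", p[2])
        pos = p.end()
    if not rest.startswith("]", pos):
        return None  # element never closed: truncated or malformed line
    return {"ts": m["ts"], "msgid": m["msgid"], "params": params}

def _num(value):
    return int(value) if value and value.isdecimal() else 0

def sessions_by_policy(lines):
    """Closed-session count and total bytes per policy-name."""
    totals = defaultdict(lambda: {"sessions": 0, "bytes": 0})
    for rec in filter(None, map(parse_rt_flow, lines)):
        if rec["msgid"] == "RT_FLOW_SESSION_CLOSE":
            p = rec["params"]
            t = totals[p.get("policy-name", "unknown")]
            t["sessions"] += 1
            t["bytes"] += _num(p.get("bytes-from-client")) + _num(p.get("bytes-from-server"))
    return dict(totals)

HDR = "<14>1 2013-11-11T16:12:31.029Z - RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.96"
# Constructed sample lines (key names from the page; values are illustrative).
SAMPLE = [
    HDR + ' reason="idle Timeout" source-address="192.168.36.1" source-port="4864"'
          ' destination-address="192.168.168.168" policy-name="default-permit"'
          ' bytes-from-client="0" bytes-from-server="0"] session closed idle Timeout',
    HDR + ' reason="TCP FIN" source-address="192.168.36.7" policy-name="web-out"'
          ' bytes-from-client="1200" bytes-from-server="5300"] session closed TCP FIN',
    HDR + ' reason="TCP RST" policy-name="web-out" bytes-from-cl',  # truncated line
]

if __name__ == "__main__":
    for policy, t in sessions_by_policy(SAMPLE).items():
        print(policy, t)
```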
1.11 Viewing / backing up the configuration
(1) ScreenOS
CLI command: get config
Example:
JP1000A-> get config
Total Config size 304830:
set clock dst-off
set clock ntp
set clock timezone 8
set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00
set vrouter trust-vr sharable
set vrouter \
exit
set vrouter %
unset auto-route-export
exit
set service \
set service \
………….
(2) JunOS
In CLI operational mode the command is: show configuration or show configuration | display set
Example:
syro@JP650A > show configuration
## Last changed: 2012-12-14 17:12:00 CST
version 10.4R10.7;
system {
    host-name JP650A;
    time-zone Asia/Shanghai;
    authentication-order [ radius password ];
    ports {
        console log-out-on-disconnect;
    }
    root-authentication {
        encrypted-password \
    }
    radius-server {