nope, that didnt work either :( meeks@MeeksNet-SRX210# run show log TEST-DENY
[edit] meeks@MeeksNet-SRX210# show system syslog file TEST-DENY any any; match RT_FLOW; [edit] On Sat, Feb 23, 2013 at 2:35 AM, Farrukh Haroon <[email protected]>wrote: > Hello Mike > > Was wondering if you can get the deny logs while doing local logging? > > set system syslog file TEST-DENY any any > set system syslog file TEST-DENY match RT_FLOW > > Regards > Farrukh > > > On Fri, Feb 22, 2013 at 4:39 AM, Mike Devlin <[email protected]> wrote: > >> So fingers crossed that this is an easy one for you guys, >> >> Device is an SRX210BE running 11.4R5.5 code. >> >> ive added the syslog host to the config >> >> meeks@MeeksNet-SRX210> show configuration system syslog >> archive size 100k files 3; >> user * { >> any emergency; >> } >> host 192.168.1.12 { >> any any; >> } >> file messages { >> any critical; >> authorization info; >> } >> file interactive-commands { >> interactive-commands error; >> } >> file security { >> security any; >> } >> file default-log-messages { >> any any; >> match "(requested 'commit' operation)|(copying configuration to >> juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU >> removal)|(FRU insertion)|(link UP)|(vc add)|(vc >> >> delete)|transitioned|Transferred|transfer-file|QFABRIC_NETWORK_NODE_GROUP|QFABRIC_SERVER_NODE_GROUP|QFABRIC_NODE|(license >> add)|(license delete)|(package -X update)|(package -X >> delete)|GRES|CFMD_CCM_DEFECT|LFMD_3AH|MEDIA_FLOW_ERROR|RPD_MPLS_PATH_BFD"; >> structured-data; >> } >> >> >> >> and implemented the default deny template i found here: >> >> http://kb.juniper.net/InfoCenter/index?page=content&id=KB20778&actp=RSS >> >> >> meeks@MeeksNet-SRX210> show configuration groups >> default-deny-template { >> security { >> policies { >> from-zone untrust to-zone trust { >> policy default-deny { >> match { >> source-address any; >> destination-address any; >> application any; >> } >> then { >> deny; >> log { >> session-init; >> } >> } >> } >> } >> } >> } >> } >> >> meeks@MeeksNet-SRX210> show configuration apply-groups >> ## Last commit: 2013-02-21 16:05:36 EST by meeks >> apply-groups default-deny-template; >> >> however, when i log on to the syslog host, and tail the syslog file i do >> not see denies being logged remotely. >> >> if i apply the session-init and session-close options to permitted >> traffic, >> it does get logged remotely. >> >> Alternatively, >> >> creating a new policy has the same result, regardless if i use reject or >> deny >> >> meeks@MeeksNet-SRX210# show security policies from-zone untrust to-zone >> trust policy deny-all >> match { >> source-address any; >> destination-address any; >> application any; >> } >> then { >> deny; >> log { >> session-init; >> } >> } >> >> my google-foo is failing, so i hope you guys can help. >> >> Looking forward to hearing back from you, >> >> Mike >> _______________________________________________ >> juniper-nsp mailing list [email protected] >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > > _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp

