亚洲欧美精品沙发,日韩在线精品视频,亚洲Av每日更新在线观看,亚洲国产另类一区在线5

<pre id="hdphd"></pre>

  • <div id="hdphd"><small id="hdphd"></small></div>
      學習啦 > 學習電腦 > 電腦安全 > 防火墻知識 > funiper防火墻日志如何設置

      funiper防火墻日志如何設置

      時間: 林輝766 分享

      funiper防火墻日志如何設置

        juniper防火墻日志怎么樣設置才最有效,小編來教你!下面由學習啦小編給你做出詳細的juniper防火墻日志設置方法介紹!希望對你有幫助!

        juniper防火墻日志設置方法一:

        以遠程撥號(xauth)為例:

        netscreen_isg1000-> get event include 120.31.240.98

        Date Time Module Level Type Description

        2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID

        <6c0f2afe>: Completed negotiations

        with SPI <3eab9265>, tunnel ID< 45468>,

        and lifetime <3600> seconds/<0> KB.

        2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID

        < 6c0f2afe>: Responded to the peer's

        first message.

        2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98>: XAuth login was

        passed for gateway< Test_Gateway>,

        username , retry: 0, Client

        IP Addr<11.2.2.70>, IPPool name:

        < _TEST_POOL>, Session-Timeout:<0s>,

        Idle-Timeout:<0s>.

        2008-09-14 10:57:12 system info 00536 IKE<120.31.240.98>: XAuth login was

        refreshed for username at

        < 11.2.2.70/255.255.255.255>.

        2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial

        contact notification and removed Phase

        1 SAs.

        2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed

        Aggressive mode negotiations with a

        < 28800>-second lifetime.

        2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed

        for user .

        2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial

        contact notification and removed Phase

        2 SAs.

        2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a

        notification message for DOI< 1>

        < 24578>< INITIAL-CONTACT>.

        2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a

        notification message for DOI< 1>

        < 24577>< REPLAY-STATUS>.

        2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: IKE

        responder has detected NAT in front of

        the remote device.

        2008-09-14 10:57:08 system info 00536 IKE<120.31.240.98> Phase 1: Responder

        starts AGGRESSIVE mode negotiations.

        Total entries matched = 12

        而不要使用以下命令:

        netscreen_isg1000-> get event | in 120.31.240.98

        2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID

        2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98> Phase 2 msg ID

        2008-09-14 10:57:13 system info 00536 IKE<120.31.240.98>: XAuth login was

        2008-09-14 10:57:12 system info 00536 IKE<120.31.240.98>: XAuth login was

        2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial

        2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed

        2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: Completed

        2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received initial

        2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a

        2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98>: Received a

        2008-09-14 10:57:09 system info 00536 IKE<120.31.240.98> Phase 1: IKE

        2008-09-14 10:57:08 system info 00536 IKE<120.31.240.98> Phase 1: Responder

        特別說明:120.31.240.98是發(fā)起方公網(wǎng)IP地址。

        juniper防火墻日志設置方法二:

        一般用cli查看

        先定義一個traceoption的文件名,和需要記錄的log類型,

        然后再在策略的最后面then的地方加上log記錄屬性。

        然后用命令show log 【你taceoption定義的log名】

        web查看也是需要用命令去定義,然后再在web的system文件夾下面去找這個log文件名,很麻煩

        juniper防火墻日志設置方法三:

        普通日志show log message

        特殊日志需要定義類型

        SRX 抓包

        debug:跟蹤防火墻對數(shù)據(jù)包的處理過程

        SRX跟蹤報文處理路徑的命令:

        set security flow traceoptions flag basic-datapath 開啟SRX基本報文處理Debug

        set security flow traceoptions file filename.log 將輸出信息記錄到指定文件中

        set security flow traceoptions file filename.log size 設置該文件大小,缺省128k

        set security flow traceoptions packet-filter filter1 destination-prefix 5.5.5.2 設置報文跟蹤過濾器

        run file show filename.log 查看該Log輸出信息

        看了“ funiper防火墻日志如何設置”文章的還看了:

      1.360防火墻日志在哪里

      2.如何設置DDOS防火墻各項參數(shù)

      3.防火墻配置命令是怎么樣的

      4.cisco防火墻怎么樣設置最好

      5.h3c防火墻如何設置adsl

      6.ARP防火墻參數(shù)設置方法有哪些

      781972