查看瞻博网络高级威胁防御云系统日志消息
Junos OS 生成系统日志消息(也称为系统日志消息),以记录 SRX 系列防火墙上发生的事件。每个系统日志消息标识生成该消息的进程,并简要描述发生的操作或错误。瞻博网络 ATP 云日志使用或SRX AAMWD
条目标识SRX_AAWM_ACTION_LOG
。
以下示例配置基本系统日志设置。
set groups global system syslog user * any emergency set groups global system syslog host log kernel info set groups global system syslog host log any notice set groups global system syslog host log pfe info set groups global system syslog host log interactive-commands any set groups global system syslog file messages kernel info set groups global system syslog file messages any any set groups global system syslog file messages authorization info set groups global system syslog file messages pfe info set groups global system syslog file messages archive world-readable
要查看 CLI 中的事件,请输入以下命令:
show log
示例日志消息
<14> 1 2013-12-14T16:06:59.134Z pinarello RT_AAMW - SRX_AAMW_ACTION_LOG [junos@xxx.x.x.x.x.28 http-host="www.mytest.com" file-category="executable" action="BLOCK" verdict-number="8" verdict-source=”cloud/blacklist/whitelist” source-address="x.x.x.1" source-port="57116" destination-address="x.x.x.1" destination-port="80" protocol-id="6" application="UNKNOWN" nested-application="UNKNOWN" policy-name="argon_policy" username="user1" session-id-32="50000002" source-zone-name="untrust" destination-zone-name="trust"] http-host=www.mytest.com file-category=executable action=BLOCK verdict-number=8 verdict-source=cloud source-address=x.x.x.1 source-port=57116 destination-address=x.x.x.1 destination-port=80 protocol-id=6 application=UNKNOWN nested-application=UNKNOWN policy-name=argon_policy username=user1 session-id-32=50000002 source-zone-name=untrust destination-zone-name=trust