show security log
语法
show security log {all| destination-address| destination-port| event-id| failure|interface-name| newer-than| older-than| process| protocol|report| severity| sort-by| source-address| source-port| success| user}
描述
显示安全事件日志。此命令在屏幕上持续显示安全事件。若要停止显示,请按 Ctrl+c。
选项
all | 显示存储在设备内存中的所有审核事件日志。 |
destination-address | 显示具有指定目标地址的审核事件日志。 |
destination-port | 显示具有指定目标端口的审核事件日志。 |
event-id | 显示具有指定事件标识号的审核事件日志。 |
failure | 显示失败的审核事件日志。 |
file | 以二进制格式显示安全日志。 |
interface-name | 显示具有指定界面的审核事件日志。 |
newer-than | 显示比指定日期和时间更新的审核事件日志。 |
older-than | 显示早于指定日期和时间的审核事件日志。 |
process | 显示具有生成事件的指定进程的审核事件日志。 |
profile | 显示安全日志配置文件信息。 |
protocol | 显示通过指定协议生成的审核事件日志。 |
query | 从数据库查询日志。 |
report | 显示系统流量日志的本机报告。 |
severity | 显示使用指定严重性生成的审核事件日志。 |
sort-by | 显示按指定选项排序生成的审核事件日志。 |
source-address | 显示具有指定源地址的审核事件日志。 |
source-port | 显示具有指定源端口的审核事件日志。 |
stream | 显示安全日志流信息。 |
success | 显示成功的审核事件日志。 |
username | 显示为指定用户生成的审核事件日志。 |
所需权限级别
视图
输出字段
表 1 列出了命令show security log
的输出字段。输出字段按其出现的大致顺序列出。
字段名称 |
字段说明 |
---|---|
|
收到的事件的时间戳。 安全日志始终通过运行 |
|
将列出安全事件。 |
示例输出
显示安全日志
user@host> show security log Event time Message 2010-10-22 13:28:37 CST session created 1.1.1.2/1-->2.2.2.2/1308 icmp 1.1.1.2/1-->2.2.2.2/1308 None None 1 policy1 trustZone untrustZone 52 N/A(N/A) ge-0/0/1.0 2010-10-22 13:28:38 CST session created 1.1.1.2/1-->2.2.2.2/1308 icmp 1.1.1.2/1-->2.2.2.2/1308 None None 1 policy1 trustZone untrustZone 54 N/A(N/A) ge-0/0/1.0 ... 2010-10-22 13:36:12 CST session denied m icmp 1(8) policy1 trustZone untrustZone N/A(N/A) ge-0/0/1.0 2010-10-22 13:36:14 CST session denied 1.1.1.2/2-->2.2.2.2/54812 icmp 1(8) policy1 trustZone untrustZone N/A(N/A) ge-0/0/1.0 ... 2010-10-27 15:50:11 CST IP spoofing! source: 2.2.2.20, destination: 2.2.2.2, protocol-id: 17, zone name: trustZone, interface name: ge-0/0/1.0, action: drop 2010-10-27 15:50:11 CST IP spoofing! source: source: 2.2.2.20, destination: 2.2.2.2, protocol-id: 17, zone name: trustZone, interface name: ge-0/0/1.0, action: drop ... 2011-02-18 15:53:34 CST PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/common/certification-authority/ca-profile1-ca1.cert 2011-02-18 15:53:35 CST PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/common/crl/ca-profile1.crl 2011-02-18 15:53:35 CST PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/system-key-pair/system-generated.priv 2011-02-18 15:53:35 CST PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/system-cert/system-generated.cert 2011-02-18 15:53:35 CST PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/common/key-pair/cert1.priv 2011-02-18 15:53:42 CST PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/common/key-pair/test2.priv ... 2011-03-14 23:00:40 PDT IDP_COMMIT_COMPLETED: IDP policy commit is complete. IDP_POLICY_LOAD_FAILED: IDP policy loading failed ;poli cy[/var/db/idpd/bins/.bin.gz.v], detector[/usr/libdata/libidp-detector.so.tgz.v] ,failure detail[Policy loading failed :: Policy file not found 2011-03-14 23:00:58 PDT ] IDP_POLICY_LOAD_FAILED: IDP policy loading failed ;poli cy[/var/db/idpd/bins/.bin.gz.v], detector[/usr/libdata/libidp-detector.so.tgz.v] ,failure detail[Policy loading failed :: Policy file not found 2011-03-14 23:00:58 PDT ] IDP_POLICY_LOAD_FAILED: IDP policy loading failed ;poli cy[/var/db/idpd/bins/.bin.gz.v], detector[/usr/libdata/libidp-detector.so.tgz.v] ,failure detail[Policy loading failed :: Policy file not found 2011-03-14 23:00:58 PDT ] ... Event time Message 2011-03-21 14:21:49 CST UI_CMDLINE_READ_LINE: User 'root', command 'set date ntp 9.9.9.1 source-address 6.6.6.1 ' 2011-03-21 14:23:01 CST UI_CMDLINE_READ_LINE: User 'root', command 'set date ntp 9.9.9.1 source-address 6.6.6.1 .5 ' 2011-03-21 14:23:05 CST KMD_PM_SA_ESTABLISHED: Local gateway: 7.7.7.1, Remote gateway: 8.8.8.1, Local ID: ipv4(any:0,[0..3]=6.6.6.1), Remote ID: ipv4(any:0,[0..3]=9.9.9.1), Direction: inbound, SPI: 37a2a179, AUX-SPI: 0, Mode: tunnel, Type: dynamic 2011-03-21 14:23:05 CST KMD_PM_SA_ESTABLISHED: Local gateway: 7.7.7.1, Remote gateway: 8.8.8.1, Local ID: ipv4(any:0,[0..3]=6.6.6.1), Remote ID: ipv4(any:0,[0..3]=9.9.9.1), Direction: outbound, SPI: b2231c1f, AUX-SPI: 0, Mode: tunnel, Type: dynamic 2011-03-21 14:23:08 CST UI_CMDLINE_READ_LINE: User 'root', command 'set date ntp 9.9.9.1 source-address 6.6.6.1 ' 2011-03-21 14:23:13 CST UI_CMDLINE_READ_LINE: User 'root', command 'show security log '
发布信息
Junos OS 11.2 版中引入的命令。