This section discusses two examples.
Note: The RADIUS_LOGIN_FAIL, TELNET_LOGIN_FAIL, and SSH_LOGIN_FAIL events are not valid JUNOS software events. They are illustrative for these examples.
Example 1
Configure an event policy called login. The login policy is executed if five login failure events (RADIUS_LOGIN_FAIL, TELNET_LOGIN_FAIL, or SSH_LOGIN_FAIL) are generated within 120 seconds. Take action by executing the login-fail.xsl event script, which disables the user account.
event-options {
    policy login {
        events [ RADIUS_LOGIN_FAIL TELNET_LOGIN_FAIL SSH_LOGIN_FAIL ];
        within 120 {
            trigger after 4;
        }
        then {
            event-script login-fail.xsl {
                destination some-dest;
            }
        }
    }
}
Table 24 shows how events add to the count.
Table 24: Event Count Triggers Policy
The columns in Table 24 mean the following:
At time 00:03:55, the value of count is more than 4; therefore, the login policy executes the login-fail.xsl script.
Example 2
Configure an event policy called login. The login policy is executed if five login failure events (RADIUS_LOGIN_FAIL, TELNET_LOGIN_FAIL, or SSH_LOGIN_FAIL) are generated within 120 seconds from username roger. Take action by executing the login-fail.xsl event script, which disables the roger user account.
event-options {
    policy p2 {
        events [ RADIUS_LOGIN_FAIL TELNET_LOGIN_FAIL SSH_LOGIN_FAIL ];
        within 120 {
            trigger after 4;
        }
        attributes-match {
            RADIUS_LOGIN_FAIL.username matches roger;
            TELNET_LOGIN_FAIL.username matches roger;
            SSH_LOGIN_FAIL.username matches roger;
        }
        then {
            event-script login.xsl {
                destination some-dest;
            }
        }
    }
}
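The counting behind Examples 1 and 2, modelled in Python as an added example; it is not Juniper code and not part of the original page. The sliding-window evaluation, firing on every event past the threshold, the function names, and the sample events are assumptions constructed for illustration.

```python
import re
from collections import deque

# Illustrative event IDs from the examples above (not valid JUNOS events).
EVENTS = {"RADIUS_LOGIN_FAIL", "TELNET_LOGIN_FAIL", "SSH_LOGIN_FAIL"}

def to_seconds(hms):
    h, m, s = (int(p) for p in hms.split(":"))
    return h * 3600 + m * 60 + s

def policy_fires(log, within=120, trigger_after=4, username=None):
    """Return the timestamps at which the modelled policy would execute.

    log: iterable of (hh:mm:ss, event_id, username) tuples in time order.
    username: optional regex standing in for 'attributes-match ... matches'.
    """
    window = deque()  # arrival times (seconds) of matching events still counted
    fired = []
    for stamp, event_id, user in log:
        if event_id not in EVENTS:
            continue  # not listed in the policy's 'events' statement
        if username is not None and not re.search(username, user):
            continue  # attribute does not match, so the event is not counted
        now = to_seconds(stamp)
        window.append(now)
        # Drop events older than the 'within' interval (assumed sliding window).
        while now - window[0] >= within:
            window.popleft()
        # 'trigger after N' is modelled as: execute once the count exceeds N.
        if len(window) > trigger_after:
            fired.append(stamp)
    return fired

# Constructed sample events; these are not the rows of Table 24.
SAMPLE_LOG = [
    ("00:00:10", "SSH_LOGIN_FAIL", "roger"),
    ("00:00:40", "TELNET_LOGIN_FAIL", "alice"),
    ("00:01:05", "RADIUS_LOGIN_FAIL", "roger"),
    ("00:01:30", "SSH_LOGIN_FAIL", "roger"),
    ("00:01:50", "OTHER_EVENT", "alice"),
    ("00:02:00", "SSH_LOGIN_FAIL", "roger"),
    ("00:02:05", "TELNET_LOGIN_FAIL", "roger"),
    ("00:02:08", "SSH_LOGIN_FAIL", "roger"),
]

if __name__ == "__main__":
    print("Example 1:", policy_fires(SAMPLE_LOG))
    print("Example 2:", policy_fires(SAMPLE_LOG, username="roger"))
```

With the same log, the Example 1 policy fires one event earlier than the Example 2 policy, because the failure attributed to alice counts toward the first but is filtered out by the username match in the second.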