Monitoring Policy Statistics

JUNOS software can monitor and record traffic that it permits or denies based on previously configured policies.

To monitor traffic, enable the count and log options.

Count—Can be configured in an individual policy. If count is enabled, counters are collected for the number of packets, bytes, and sessions that enter the firewall for a given policy. For counts (only for packets and bytes), you can specify that alarms be generated whenever the traffic exceeds specified thresholds.

Log—Consists of trace options and a structured system log.

• Trace options: Tracing operations for a policy.

  To trace security policies, include the traceoptions command at the [edit] hierarchy level.

  set security policies traceoptions < filename > < flag >
  

  filename—Name of the file in which the output of the tracing operation is saved. All files are placed in the directory /var/log<“ filename” >. Enclose the name of the security-trace file within quotation marks. By default, commit script process tracing output is placed in the file. If you include the file command, you must specify a filename. To retain the default, you can specify eventd as the filename.

  The default file size is 128 KB, and 10 files are created before the first one gets overwritten.

  flag—Tracing operation to perform. To perform more than one tracing operation, include multiple flag commands. You can include the following flags:

  • all—All tracing operations
  • authentication—Trace authentication events
  • configuration—Trace configuration events
  • setup—Trace setup of firewall authentication service
• Structured Log: Has one directive for all policies.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.