[Contents] [Prev] [Next] [Index] [Report an Error]

show firewall log

Syntax

show firewall log
<detail>
<interface interface-name>
<logical-system (logical-system-name | all)>

Release Information

Command introduced before JUNOS Release 7.4.

logical-system option introduced in JUNOS Release 9.3.

Description

Display log information about firewall filters.

Options

detail — (Optional) Display detailed information.

interface interface-name(Optional) Display log information about a specific interface.

logical-system (logical-system-name | all) — (Optional) Perform this operation on all logical systems or on a particular system.

Required Privilege Level

view

List of Sample Output

show firewall log detail

Output Fields

Table 121 lists the output fields for the show firewall log command. Output fields are listed in the approximate order in which they appear.

Table 121: show firewall log Output Fields

Field Name

Field Description

Level of Output

Time of Log

Time that the event occurred.

to be provided

Filter

Name of a filter that has been configured with the filter statement at the [edit firewall] hierarchy level.

  • A hyphen (-) indicates that the packet was handled by the Packet Forwarding Engine.
  • A space (no hyphen) indicates the packet was handled by the Routing Engine.
  • The notation pfe indicates packets logged by the Packet Forwarding Engine hardware filters.

to be provided

Filter Action

Filter action:

  • A—Accept
  • D—Discard
  • R—Reject

to be provided

Name of Interface

Ingress interface for the packet.

to be provided

Name of protocol

Packet’s protocol name: egp, gre, ipip, ospf, pim, rsvp, tcp, or udp.

to be provided

Packet length

Length of the packet.

to be provided

Source address

Packet’s source address.

to be provided

Destination address

Packet’s destination address and port.

to be provided

Sample Output

show firewall log detail

user@host> show firewall log detail 
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of 
interface: fxp0.0Name of protocol: TCP, Packet Length: 50824, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 1020, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
....
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.