 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
To collect and log count statistics collected by firewall filters on a per-interface basis, you must configure a filter profile and include the interface-specific statement at the [edit firewall filter filter-name] hierarchy level.
Configure the firewall filter accounting profile:
- [edit accounting-options]
- file cust1_accounting {
- size 500k;
- }
- filter-profile cust1_profile {
- file cust1_accounting;
- interval 1;
-
- counters {
- r1;
- }
- }
Configure the interface-specific firewall counter:
- [edit firewall]
- filter f3 {
- accounting-profile cust1_profile;
- interface-specific;
-
- term f3-term {
-
- then {
- count r1;
- accept;
- }
- }
- }
Apply the firewall filter to an interface:
- [edit interfaces]
- xe-1/0/0 {
-
- unit 0 {
-
- family inet {
-
- filter {
- input f3;
- output f3;
- }
- address 20.20.20.30/24;
- }
- }
- }
The following example shows the contents of the cust1_accounting file in the /var/log folder that might result from the preceding configuration:
#FILE CREATED 995495212 2001-07-18-22:26:52 #hostname host #profile-layout cust1_profile,epoch-timestamp,interfaces,filter-name, counter-name,packet-count,byte-count cust1_profile,995495572,xe-1/0/0.0,f3-xe-1/0/0.0-i,r1-xe-1/0/0.0-i,5953,1008257 cust1_profile,995495602,xe-1/0/0.0,f3-xe-1/0/0.0-o,r1-xe-1/0/0.0-o,5929,1006481 ...
If the interface-specific statement is not included in the configuration, the following output might result:
#FILE CREATED 995495212 2001-07-18-22:26:52 #hostname host #profile-layout cust1_profile,epoch-timestamp,interfaces,filter-name, counter-name,packet-count,byte-count cust1_profile,995495572,xe-1/0/0.0,f3,r1,5953,1008257 cust1_profile,995495632,xe-1/0/0.0,f3,r1,5929,1006481
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |