- A—Accept (or next term)
- D—Discard
- R—Reject
 |
Note: If the protocol is ICMP, the ICMP type and code are displayed. For all other protocols, the source and destination ports are displayed. |
Create a filter that logs and counts ICMP packets that have 192.168.207.222 as either their source or destination:
- [edit]
- firewall {
-
- family inet {
-
- filter icmp-syslog {
-
- term icmp-match {
-
- from {
-
- address {
- 192.168.207.222/32;
- }
- protocol icmp;
- }
-
- then {
- count packets;
- syslog;
- accept;
- }
- }
-
- term default {
- then accept;
- }
- }
- }
- }
Enter the show log filter command to display the results:
root@hostname> show log filter
Mar 20 08:03:11 hostname feb FW: so-0/1/0.0 A icmp 192.168.207.222
192.168.207.223 0 0 (1 packets)
This output file contains the following fields:
|
Note: If the protocol is ICMP, the ICMP type and code are displayed. For all other protocols, the source and destination ports are displayed. |
The last two fields (both zero) are the source and destination TCP/UDP ports, respectively, and are shown for TCP or UDP packets only. This log message indicates that only one packet for this match has been detected in about a one-second interval. If packets arrive faster, the system log function compresses the information so that less output is generated, and displays an output similar to the following:
root@hostname> show log filter
Mar 20 08:08:45 hostname feb FW: so-0/1/0.0 A icmp 192.168.207.222
192.168.207.223 0 0 (515 packets)
 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |