show firewall log

Syntax

show firewall log <detail><interface interface-name><logical-system (logical-system-name | all)>

Syntax (EX Series Switch)

show firewall log <detail><interface interface-name>

Release Information

Command introduced before JUNOS Release 7.4.

Command introduced in JUNOS Release 9.0 for EX Series switches.

logical-system option introduced in JUNOS Release 9.3.

Description

Display log information about firewall filters.

Options

none: Display log information about firewall filters.
detail: (Optional) Display detailed information.
interface interface-name: (Optional) Display log information about a specific interface.
logical-system (logical-system-name | all): (Optional) Perform this operation on all logical systems or on a particular system.

Required Privilege Level

view

List of Sample Output

show firewall log detail

Output Fields

Table 138 lists the output fields for the show firewall log command. Output fields are listed in the approximate order in which they appear.

Table 138: show firewall log Output Fields

Field Name	Field Description
Time of Log	Time that the event occurred.
Filter	Name of a filter that has been configured with the filter statement at the [edit firewall] hierarchy level. A hyphen (-) indicates that the packet was handled by the Packet Forwarding Engine. A space (no hyphen) indicates the packet was handled by the Routing Engine. The notation pfe indicates packets logged by the Packet Forwarding Engine hardware filters.
Filter Action	Filter action: A—Accept D—Discard R—Reject
Name of Interface	Ingress interface for the packet.
Name of protocol	Packet’s protocol name: egp, gre, ipip, ospf, pim, rsvp, tcp, or udp.
Packet length	Length of the packet.
Source address	Packet’s source address.
Destination address	Packet’s destination address and port.

Sample Output

show firewall log detail

user@host> show firewall log detail

Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of 
interface: fxp0.0Name of protocol: TCP, Packet Length: 50824, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 1020, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
....