Messages d’erreur du journal système pour les services de nouvelle génération

Carte de services MS-MPC

JSERVICES_SESSION_OPEN application source-interface-name source-address source-port source-nat-information destination-address destination-port destination-nat-information protocol-name softwire-information;

Carte de services MX-SPC3

RT_FLOW_SESSION_CREATE_USF Prefix service-set-name source-interface-name source-address source-port destination-address destination-port service-name nat-source-address nat-source-port nat-destination-address nat-destination-port src-nat-rule-type src-nat-rule-name dst-nat-rule-type dst-nat-rule-name protocol-name policy-name application softwire-information;

Journaux d’ouverture de session avec NAT

Journaux d’ouverture de session sans NAT

Carte de services MS-MPC

JSERVICES_SESSION_CLOSE application source-interface-name source-address source-port source-nat-information destination-address destination-port destination-nat-information protocol-name softwire-information;

Carte de services MX-SPC3

RT_FLOW_SESSION_CLOSE_USF Prefix service-set-name source-interface-name source-address source-port destination-address destination-port service-name nat-source-address nat-source-port nat-destination-address nat-destination-port src-nat-rule-type src-nat-rule-name dst-nat-rule-type dst-nat-rule-name protocol-name policy-name; softwire-information;

Carte de services MS-MPC

JSERVICES_NAT_OUTOF_ADDRESSES: nat-pool-name

Carte de services MX-SPC3 :

Aug 10 10:06:13 champ RT_NAT: RT_SRC_NAT_OUTOF_ADDRESSES: nat-pool-name src_pool1 is out of addresses

Carte de services MS-MPC

{NPU-1-PFX1}[jservices-nat]: JSERVICES_NAT_OUTOF_PORTS: natpool NAT-POOL-NPU1-PFX3 is out of ports

Carte de services MX-SPC3

jul 31 03:08:30 esst480h RT_NAT: RT_SRC_NAT_OUTOF_PORTS: nat-pool-name nat_pool1 is out of ports

Carte de services MS-MPC

SYSLOG_MSMPC{SS_TEST}[jservices-nat]: JSERVICES_NAT_RULE_MATCH: proto 17 (UDP) application: any, xe-2/2/1.0:24.0.0.2:1234 -> 25.0.0.2:1234, Match NAT rule-set: (null), rule: NAT_RULE_TEST, term: t

Carte de services MX-SPC3

RT_NAT: RT_NAT_RULE_MATCH: protocol-id 17 protocol-name udp application Unknown interface-name ge-2/0/9.0 source-address 11.1.1.2 source-port 2000 destination-address 12.1.1.2 destination-port 5000 rule-set-name rule-set rule-name nat-rule

Carte de services MS-MPC

SYSLOG_MSMPC{SS_TEST}[jservices-nat]: JSERVICES_NAT_POOL_RELEASE: natpool release 85.0.0.1:1024[1]

Carte de services MX-SPC3

RT_NAT: RT_SRC_NAT_POOL_RELEASE: nat-pool-name nat-pool address 112.1.1.4 port 1024 count 1

Carte de services MS-MPC - Exemple 1

SYSLOG_MSMPC{ss1}[jservices-nat]: JSERVICES_NAT_PORT_BLOCK_ALLOC: 11.1.1.2 -> 112.1.1.4:42494-42503 0x59412760

Carte de services MX-SPC3 - Exemple 1

Aug 9 23:01:59 esst480r RT_NAT: RT_SRC_NAT_PBA_ALLOC: Subscriber 20.1.1.5 used/maximum [1/1] blocks, allocates port block [49774-49923] from 100.0.0.1 in source pool p1 lsys_id: 0

Carte de services MS-MPC - Exemple 2

SYSLOG_MSMPC{ss1}[jservices-nat]: JSERVICES_NAT_PORT_BLOCK_RELEASE: 2001:2010:0:0:0:0:0:2 -> 161.161.16.1:56804-56813 0x597ef2c3

Carte de services MX-SPC3 - Exemple 2

RT_NAT: RT_SRC_NAT_PBA_ALLOC: Subscriber 11.1.1.2 used/maximum [1/2] blocks, allocates port block [13934-13943] from 112.1.1.1 in source pool nat-pool lsys_id: 0

Carte de services MS-MPC

SYSLOG_MSMPC{ss1}[jservices-nat]: JSERVICES_NAT_PORT_BLOCK_ACTIVE: 11.1.1.2 -> 112.1.1.4:42494-42503 0x59412760

Carte de services MX-SPC3

RT_NAT: RT_SRC_NAT_PBA_INTERIM: Subscriber 50.0.0.3 used/maximum [1/1] blocks, allocates port block [5888-6015] from 202.0.0.1 in source pool JNPR-CGNAT-PUB-POOL lsys_id: 0

Carte de services MS-MPC

JSERVICES_NAT_PORT_BLOCK_RELEASE source-address nat-source-address nat-source-port-range-start nat-source-port-range-end object-create-time;

Carte de services MX-SPC3

RT_NAT: RT_SRC_NAT_PBA_RELEASE: Subscriber 11.1.1.2 used/maximum [2/3] blocks, releases port block [3839-3843] from 112.1.2.1 in source pool nat-pool lsys_id: 0

Carte de services MS-MPC

{ss1}[jservices-nat]: JSERVICES_DET_NAT_CONFIG: Deterministc NAT Config [2001:2010::-2001:2010::ff]:[161.161.16.1-161.161.16.254]:0:200:0:1024-65535

Carte de services MS-MPC

Sep 20 01:36:51 mobst480b (FPC Slot 5, PIC Slot 0) 2017-09-20 08:36:19: SYSLOG_MSMPC{SS_TEST}[jservices-sfw]: JSERVICES_SFW_RULE_ACCEPT: proto 17 (UDP) application: any, interface: xe-2/2/1.0, 24.0.0.2:1234 -> 25.0.0.2:1234, Match SFW allow rule-set: (null), rule: SFW_RULE_TEST, term: t

Carte de services MX-SPC3

expo RT_FLOW: RT_FLOW_SESSION_POLICY_ACCEPT_USF: Tag SYSLOGMSG svc-set-name ss1:session created with policy accept 20.1.1.2/5->30.1.1.2/15100 0x0 icmp R11  1 sfw_policy1 ss1-ZoneIn ss1-ZoneOut 160000010 N/A(N/A) xe-5/3/2.0 UNKNOWN UNKNOWN UNKNOWN N/A N/A -1 N/A

Carte de services MS-MPC

Sep 20 01:42:02 mobst480b (FPC Slot 5, PIC Slot 0) 2017-09-20 08:41:31: SYSLOG_MSMPC{SS_TEST}[jservices-sfw]: JSERVICES_SFW_RULE_REJECT: proto 17 (UDP) application: any, 24.0.0.2:1234 -> 25.0.0.2:1234, Match SFW reject rule-set: (null), rule: SFW_RULE_TEST, term: t

Carte de services MX-SPC3

expo RT_FLOW: RT_FLOW_SESSION_RULE_REJECT_USF: Tag SYSLOGMSG svc-set-name ss1: session denied 20.1.1.2/5->30.1.1.2/15183 0x0 icmp R11 1(8) sfw_policy1 ss1-ZoneIn ss1-ZoneOut UNKNOWN UNKNOWN N/A(N/A) xe-5/3/2.0 No Rejected by policy 160000030 N/A N/A -1 N/A

Carte de services MS-MPC

Sep 20 01:43:57 mobst480b (FPC Slot 5, PIC Slot 0) 2017-09-20 08:43:26: SYSLOG_MSMPC{SS_TEST}[jservices-sfw]: JSERVICES_SFW_RULE_DISCARD: proto 17 (UDP) application: any, 24.0.0.2:1234 -> 25.0.0.2:1234, Match SFW drop rule-set: (null), rule: SFW_RULE_TEST, term: t

Carte de services MX-SPC3

RT_FLOW - RT_FLOW_SESSION_RULE_DISCARD_USF [junos@2636.1.1.1.2.25 tag="SYSLOG_SFW" service-set-name="ss1" source-address="20.1.1.2" source-port="10000" destination-address="30.1.1.2" destination-port="20000" connection-tag="0" service-name="None" rule-name="R1" rule-set-name="" protocol-id="17" icmp-type="0" policy-name="policy1" source-zone-name="ss1-ZoneIn" destination-zone-name="ss1-ZoneOut" application="UNKNOWN" nested-application="UNKNOWN" username="N/A" roles="N/A" packet-incoming-interface="xe-5/3/2.0" encrypted="No" reason="Denied by policy" session-id-32="190000014" application-category="N/A" application-sub-category="N/A" application-risk="-1" application-characteristics="N/A"] Tag SYSLOG_SFW svc-set-name ss1: session denied 20.1.1.2/10000->30.1.1.2/20000 0x0 None R1 17(0) policy1 ss1-ZoneIn ss1-ZoneOut UNKNOWN UNKNOWN N/A(N/A) xe-5/3/2.0 No Denied by policy 190000014 N/A N/A -1 N/A

Carte de services MS-MPC

Sep 20 01:43:57 mobst480b (FPC Slot 5, PIC Slot 0) 2017-09-20 08:43:26: SYSLOG_MSMPC{SS_TEST}[jservices-sfw]: JSERVICES_SFW_NO_RULE_DROP: proto 17 (UDP) application: any, 24.0.0.2:1234 -> 25.0.0.2:1234

Carte de services MX-SPC3

RT_FLOW_SESSION_NO_RULE_DROP_USF Prefix service-set-name protocol-id protocol-name source-interface-name separator source-address source-port destination-address destination-port event-type;

Carte de services MS-MPC

JSERVICES_SFW_NO_POLICY source-address destination-address;

Carte de services MX-SPC3

RT_FLOW_SESSION_NO_POLICY_USF Prefix service-set-name source-address destination-address;