Verifying the Signature Database

Verifying the IDP Policy Compilation and Load Status

Purpose

View the IDP log files to verify the compilation and load status of an IDP policy. When you activate an IDP policy, the IDP logs show whether the policy was compiled and loaded successfully.

Action

To track the load and compilation progress of an IDP policy, configure either one or both of the following in the CLI:

After committing the configuration in the CLI, enter either of the following commands from the shell prompt in the UNIX-level shell:

Sample Output


user@host> start shell

user@host% tail -f /var/log/idpd
Jun  9 18:15:40 logmsg <valid license found for feature 20>
Jun  9 18:15:40 IDP feature license status: Valid license installed.
Jun  9 18:15:40 idpd commit start...
Jun  9 18:15:40 Entering enable processing.
Jun  9 18:15:40 Enable value (default)
Jun  9 18:15:40 IDP processing default.
...
Jun  9 18:15:40 Apply policy configuration, policy ops bitmask = 45
Jun  9 18:15:40 Starting policy (idpengine) compile...
Jun  9 18:16:10 policy compilation memory estimate: 57126048
Jun  9 18:16:10 ...Passed       (Shows that the policy compilation is successful)
Jun  9 18:16:10 Starting policy package...
Jun  9 18:16:12 ...Policy Packaging Passed
Jun  9 18:16:12 Starting policy load...
Jun  9 18:16:12 Loading policy(/var/db/idpd/bins/idpengine.bin.gz.v + /var/db/idpd/sec-repository/libidp-detector.so.gz.v + /var/db/idpd/bins/compiled_ai.bin)...
Jun  9 18:16:12 idpd_dev_add_ipc_connection called..
...
Jun  9 18:16:20 Reading sensor config...
Jun  9 18:16:20 sensor/idp node does not exist, apply defaults
Jun  9 18:16:20 idpd_dev_add_ipc_connection called...
Jun  9 18:16:20 idpd_dev_add_ipc_connection: done.
...
Jun  9 18:16:20 sensor conf successful
Jun  9 18:16:20
...idpd commit end
Jun  9 18:16:20 Returning from commit mode, status = 0. (Shows the policy load is successful)

Sample Output


user@host> start shell

user@host% tail -f /var/log/messages
Jun 24 17:34:38  turtlebert mgd[4786]: UI_COMMIT_PROGRESS: Commit operation in progress: activating '/var/run/db/juniper.data'
Jun 24 17:34:38  turtlebert mgd[4786]: UI_COMMIT_PROGRESS: Commit operation in progress: notifying daemons of new configuration
Jun 24 17:34:38  turtlebert mgd[4786]: UI_COMMIT_PROGRESS: Commit operation in progress:  notifying idpd(62)
Jun 24 17:34:38  turtlebert mgd[4786]: UI_COMMIT_PROGRESS: Commit operation in progress: signaling 'IDP policy daemon', pid 4699, signal 1, status 0 with notification errors enabled
...
Jun 24 17:34:45  turtlebert idpd[4699]: IDP_POLICY_LOAD_SUCCEEDED: IDP policy[/var/db/idpd/bins/test.bin.gz.v] and detector[/var/db/idpd/sec-repository/libidp-detector.so.gz.v] loaded successfully.

IDPD Trace file:

...
Jun 24 12:10:27 idpd_policy_load: idp policy pre-install succeeded
Jun 24 12:10:27 idpd_comm_server_get_event:478: evGetNext got event.
Jun 24 12:10:27 idpd_comm_server_get_event:486: evDispatch OK
...
Jun 24 12:10:27 idpd_policy_load: idp policy install succeeded
Jun 24 12:10:27 idpd_comm_server_get_event:486: evDispatch OK
...
Jun 24 12:10:27 idpd_policy_load: idp policy post-install succeeded
Jun 24 12:10:28 Reading sensor config...
Jun 24 12:10:28 sensor/idp node does not exist, apply defaults
Jun 24 12:10:28 sensor conf successful
Jun 24 12:10:28
...idpd commit end
Jun 24 12:10:28 Returning from commit mode, status = 0.

Meaning

Displays log messages showing the procedures that run in the background after you commit the set security idp active-policy command. This sample output shows that the policy compilation, sensor configuration, and policy load are successful.
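
The check described above can be scripted instead of read by eye. The following is an added example, not Juniper code: the function names are hypothetical, the sample log is constructed from the lines in the sample output above, and it assumes the log uses the same message text. It reports on the most recent commit only, so an older successful commit cannot mask a newer incomplete one.

```sh
#!/bin/sh
# Added example, not Juniper code. Function names are hypothetical.
# Summarizes the most recent idpd commit found in a log that uses the
# message text shown in the /var/log/idpd sample output on this page.
idpd_commit_summary() {
    awk '
        function reset() { compile = pkg = sensor = status = "missing"; await = 0 }
        BEGIN { reset() }
        /idpd commit start/ { reset() }            # newer commit: discard older results
        /Starting policy \(idpengine\) compile/ { await = 1; next }
        await && /\.\.\.Passed/ { compile = "ok"; await = 0 }
        /Policy Packaging Passed/ { pkg = "ok" }
        /sensor conf successful/ { sensor = "ok" }
        /Returning from commit mode/ && match($0, /status = -?[0-9]+/) {
            status = substr($0, RSTART + 9, RLENGTH - 9)
        }
        END { printf "compile=%s package=%s sensor=%s status=%s\n", compile, pkg, sensor, status }
    ' "$@"
}

# Succeeds only when every stage marker is present and the commit status is 0.
idpd_commit_ok() {
    [ "$(idpd_commit_summary "$@")" = "compile=ok package=ok sensor=ok status=0" ]
}

# Constructed sample input, trimmed from the lines shown in the sample output.
sample_log() {
    cat <<'EOF'
Jun  9 18:15:40 idpd commit start...
Jun  9 18:15:40 Starting policy (idpengine) compile...
Jun  9 18:16:10 policy compilation memory estimate: 57126048
Jun  9 18:16:10 ...Passed
Jun  9 18:16:10 Starting policy package...
Jun  9 18:16:12 ...Policy Packaging Passed
Jun  9 18:16:12 Starting policy load...
Jun  9 18:16:20 sensor conf successful
Jun  9 18:16:20 Returning from commit mode, status = 0.
EOF
}

sample_log | idpd_commit_summary
```

Both functions read standard input when called without arguments, or a collected copy of the log when given its path as the argument.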

Verifying the IDP Signature Database Version

Purpose

Display the signature database version.

Action

From operational mode in the CLI, enter the show security idp security-package-version command.

Sample Output


user@host> show security idp security-package-version
Attack database version:31(Wed Apr 16 15:53:46 2008)
  Detector version :9.1.140080400
  Policy template version :N/A

Meaning

The output displays the version numbers for the signature database, protocol detector, and the policy template on the IDP-enabled device. Verify the following information: