Example: Configuring WELF Logging for UTM Features

This example shows how to configure WELF logging for UTM features.

Requirements

Before you begin, review the fields used to create a WELF log file and record. See Understanding WELF Logging for UTM Features.

Overview

A WELF log file is composed of records. Each record is a single line in the file. Records are always in chronological order. The earliest record is the first record in the file; the most recent record is the last record in the file. WELF places no restrictions on log filenames or log file rotation policies. In this example, the severity level is emergency and the name of the security log stream is stream-utm-welf.

Configuration

CLI Quick Configuration

To quickly configure WELF logging for UTM features, copy the following commands and paste them into the CLI.

[edit]
set security log source-address 1.2.3.4 stream utm-welf
set security log source-address 1.2.3.4 stream utm-welf format welf
set security log source-address 1.2.3.4 stream utm-welf format welf category content-security
set security log source-address 1.2.3.4 stream utm-welf format welf category content-security severity emergency
set security log source-address 1.2.3.4 stream utm-welf format welf category content-security severity emergency host 5.6.7.8

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To configure WELF logging for UTM features:

  1. Set the security log source IP address.
    [edit security log]
    user@host# set source-address 1.2.3.4

    Note: You must save the WELF logging messages to a dedicated WebTrends server.

  2. Name the security log stream.
    [edit security log]
    user@host# set source-address 1.2.3.4 stream utm-welf
  3. Set the format for the log messages.
    [edit security log]
    user@host# set source-address 1.2.3.4 stream utm-welf format welf
  4. Set the category of log messages that are sent.
    [edit security log]
    user@host# set source-address 1.2.3.4 stream utm-welf format welf category content-security
  5. Set the severity level of log messages that are sent.
    [edit security log]
    user@host# set source-address 1.2.3.4 stream utm-welf format welf category content-security severity emergency
  6. Enter the host address of the dedicated WebTrends server to which the log messages are to be sent.
    [edit security log]
    user@host# set source-address 1.2.3.4 stream utm-welf format welf category content-security severity emergency host 5.6.7.8

Results

From configuration mode, confirm your configuration by entering the show security log command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

[edit]
user@host# show security log
stream utm-welf {
    severity emergency;
    format welf;
    category content-security;
    host {
        5.6.7.8;
    }
}

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform this task:

Verifying the Security Log

Purpose

Verify that the WELF log for UTM features is complete.

Action

From operational mode, enter the show security utm status command to verify whether the UTM service is running.
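On the receiving server, the properties stated in the Overview (one record per line, records in chronological order) can be checked against the log file itself. The following Python sketch is an added example, not part of the original Juniper documentation; the key=value layout and the required fields id, time, fw, and pri are taken from the WELF format rather than from this page, and the sample records are constructed.

```python
import re
from datetime import datetime

# WELF records are key=value pairs; values with spaces are double-quoted.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
REQUIRED = ("id", "time", "fw", "pri")  # assumption: mandatory WELF fields

def parse_record(line):
    """Parse one WELF record (a single line) into a field dictionary."""
    return {k: (q if q else b) for k, q, b in PAIR.findall(line)}

def check_log(lines):
    """Return (line_number, problem) for records that are incomplete,
    carry an unparsable time, or break chronological order."""
    problems, last = [], None
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue  # ignore blank lines
        rec = parse_record(line)
        missing = [f for f in REQUIRED if f not in rec]
        if missing:
            problems.append((n, "missing " + ",".join(missing)))
            continue
        try:
            ts = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            problems.append((n, "bad time"))
            continue
        if last is not None and ts < last:
            problems.append((n, "out of order"))
        last = ts if last is None else max(last, ts)
    return problems

# Constructed sample records (not captured from a device).
SAMPLE = [
    'id=firewall time="2024-05-01 10:00:00" fw=1.2.3.4 pri=0 '
    'src=192.0.2.10 dst=198.51.100.7 msg="virus detected"',
    'id=firewall time="2024-05-01 10:00:05" fw=1.2.3.4 pri=0 '
    'src=192.0.2.11 dst=198.51.100.7 msg="url blocked"',
    'id=firewall time="2024-05-01 09:59:00" fw=1.2.3.4 pri=0 '
    'src=192.0.2.12 dst=198.51.100.7',          # earlier than previous record
    'time="2024-05-01 10:01:00" fw=1.2.3.4 pri=0',  # id field absent
]

if __name__ == "__main__":
    for line_no, problem in check_log(SAMPLE):
        print(f"line {line_no}: {problem}")
```

An out-of-order or incomplete record on the collector is worth investigating as a sign of truncation, clock drift, or tampering with the stored log.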
