Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Network Management and Monitoring

  • YANG data models for Junos RPCs include accurate output schemas (MX480)—Starting in Junos OS Release 23.1R1, the YANG data models for Junos RPCs include accurate output schemas. In earlier releases, the RPC output schemas use the anyxml statement to represent a chunk of XML in the RPC reply. The Juniper yang GitHub repository includes the updated schemas, and Junos OS emits the new schemas by default. To emit the alternate RPC schemas containing the anyxml statement on the local device, configure the emit-anyxml-in-rpc-output statement at the [edit system services netconf yang-modules] hierarchy level. After you configure the statement, the show system schema command generates the schemas that use anyxml.

    [See Understanding the YANG Modules for Junos Operational Commands.]

  • On-box logging modernization (SRX300, SRX320, SRX340, SRX345, SRX380, SRX1500, SRX4100, SRX4200, SRX4600, and vSRX 3.0)—Starting in Junos OS Release 23.1R1, you can use the following operational commands to optimize the database query performance:

    • show security log report in-detail

    • show security log report in-interval

    • show security log report summary

    [See Understanding On-Box Logging and Reporting, show security log report in-detail, show security log report in-interval, and show security log report summary.]

  • Improved filtering and search using new expression option for on-box reporting (SRX4600)—Starting in Junos OS Release 23.1R1, we’ve enhanced the filtering options and search mechanism to generate optimized log reports. Use the expression option in the show security log report in-detail all and show security log report summary all commands with the following operators to generate optimized reports:

    • not equal to

    • greater than or equal to

    • less than or equal to

    • IP Addresses with netmask awareness

    The total length of the expression is limited to 256 bytes including the brackets.

    [See Understanding On-Box Logging and Reporting, show security log report in-detail, and show security log report summary.]

  • Support for DNS logging in on-box reporting (SRX300, SRX320, SRX340, SRX345, SRX380, SRX1500, SRX4100, SRX4200, SRX4600, vSRX, and vSRX 3.0)—Starting in Junos OS Release 23.1R1, we’ve added support for DNS logging in on-box reporting. You can now use on-box reporting with:

    • New logging database for DNS.

    • in-detail and summary CLI query options for DNS.

    • DNS as part of the threat category.

    [See Understanding On-Box Logging and Reporting, show security log report in-detail, and show security log report summary.]

  • Increased database file size capacity for on-box reporting (SRX4600)—Starting in Junos OS Release 23.1R1, we’ve increased the on-box logging database file size capacity to 216 million entries. With this enhancement, you can customize the database sizing for each database table.

    [See report (Security Log).]

  • Dedicated CPU resource for on-box reporting (SRX4600)—Starting in Junos OS Release 23.1R1, you can assign a dedicated CPU resource for the on-box logging. The use of the dedicated resource improves the qyery performance. To assign the dedicated resource, configure the new enhanced-logging statement at the [edit security forwarding-options resource-manager] hierarchy level.

    [See show security forward-options resource-manager and resource-manager.]