System Logging of Events Generated for the Firewall Facility
System log messages generated for firewall filter actions belong to the firewall facility. Just as you can for any other Junos OS system logging facility, you can direct firewall facility syslog messages to one or more specific destinations: to a specified file, to the terminal session of one or more logged in users (or to all users), to the router (or switch) console, or to a remote host or the other Routing Engine on the router (or switch).
When you configure a syslog message destination for firewall facility syslog messages, you include a statement at the [edit system syslog] hierarchy level, and you specify the firewall facility name together with a severity level. Messages from the firewall that are rated at the specified level or more severe are logged to the destination.
System log messages with the DFWD_ prefix are generated by the firewall process (dfwd), which manages compilation and downloading of Junos OS firewall filters. System log messages with the PFE_FW_ prefix are messages about firewall filters, generated by the Packet Forwarding Engine controller, which manages packet forwarding functions. For more information, see the System Log Explorer.
Table 1 lists the system log destinations you can configure for the firewall facility.
Destination | Description | Configuration Statements Under [edit system syslog] |
---|---|---|
File | Configuring this option keeps the To include priority and facility with messages written to the file, include the To override the default standard message format, which is based on a UNIX system log format, include the | file filename { firewall severity; allow-duplicates; archive archive-options; explicit-priority; structured-data; } allow-duplicates; archive archive-options; time-format (option); |
Terminal session | Configuring this option causes a copy of the | user (username | *) { firewall severity; } time-format (option); |
Router (or switch) console | Configuring this option causes a copy of the firewall syslog messages to be written to the router (or switch) console. | console { firewall severity; } time-format (option); |
Remote host or the other Routing Engine | Configuring this option causes a copy of the To override the default alternative facility for forwarding To include priority and facility with messages written to the file, include the | host (hostname | other-routing-engine) { firewall severity; allow-duplicates; archive archive-options; facility-override firewall; explicit-priority; } allow-duplicates; # All destinations archive archive-options; time-format (option); |
By default, the timestamp recorded in a standard-format system log message specifies the month, date, hour, minute, and second when the message was logged, as in the example:
Sep 07 08:00:10
To include the year, the millisecond, or both in the timestamp for all system logging messages, regardless of the facility, include one of the following statements at the [edit system syslog] hierarchy level:
time-format year;
time-format millisecond;
time-format year millisecond;
The following example illustrates the format for a timestamp that includes both the millisecond (401) and the year (2010):
Sep 07 08:00:10.401.2010
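A log collector has to cope with both timestamp forms shown above, and the default form carries no year. The following Python sketch is an added example, not Juniper code: it normalizes the two forms and attributes each message to its generator by the DFWD_ or PFE_FW_ prefix. The sample lines, the field layout after the timestamp, the tag suffixes and the `received` parameter are assumptions of this example; the year-only and millisecond-only forms are not shown on this page, so the parser rejects them instead of guessing.

```python
import re
from datetime import datetime, timedelta

# The two timestamp forms shown on the page: "Sep 07 08:00:10" (default)
# and "Sep 07 08:00:10.401.2010" (time-format year millisecond).
TS_RE = re.compile(r"^(?P<stamp>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2})"
                   r"(?:\.(?P<ms>\d{3})\.(?P<year>\d{4}))?(?= |$)")
# Tag prefixes named on the page and the component that generates them.
ORIGINS = {"DFWD_": "firewall process (dfwd)",
           "PFE_FW_": "Packet Forwarding Engine controller"}
TAG_RE = re.compile(r"\b(?P<tag>(?P<prefix>DFWD_|PFE_FW_)[A-Z0-9_]+)")

# Constructed sample lines: hostname, process fields and tag suffixes are
# placeholders, not real Junos OS message tags.
SAMPLE = [
    "Sep 07 08:00:10 r1 dfwd[1234]: DFWD_EXAMPLE_TAG: constructed text",
    "Sep 07 08:00:10.401.2010 r1 fpc0 PFE_FW_EXAMPLE_TAG: constructed text",
    "Dec 31 23:59:58 r1 fpc0 PFE_FW_EXAMPLE_TAG: constructed text",
]


def parse_timestamp(line, received):
    """Return the line's timestamp as a datetime, or None if unrecognized.

    `received` (assumption: the collector's receive time) supplies the year
    when the line uses the default format, which carries none.
    """
    m = TS_RE.match(line)
    if not m:
        return None
    explicit = m["year"] is not None
    years = [int(m["year"])] if explicit else [received.year, received.year - 1]
    for year in years:
        try:
            ts = datetime.strptime(f"{m['stamp']} {year}", "%b %d %H:%M:%S %Y")
        except ValueError:  # impossible date for this year, e.g. "Feb 29"
            continue
        if explicit:
            return ts.replace(microsecond=int(m["ms"]) * 1000)
        if ts - received <= timedelta(days=1):  # tolerate small clock skew
            return ts
    return None


def classify(line, received):
    """Return (timestamp, tag, origin) for one firewall facility line."""
    m = TAG_RE.search(line)
    tag, origin = (m["tag"], ORIGINS[m["prefix"]]) if m else (None, None)
    return parse_timestamp(line, received), tag, origin
```

With the default format, a line stamped Dec 31 that arrives just after midnight on January 1 resolves to the previous year; configuring time-format year millisecond removes that inference entirely.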