The Reporting functionality for Junos devices provides users with a simple, easy-to-use interface for viewing security event data and statistics:
SRX > show security report ?
Possible completions:
threat Show security threats(IDP|UTM) report
traffic Show security traffic report
By default, onboard reporting is enabled on Junos devices. To turn it off, configure no-report under security analysis:
[edit]
root@SRX210-HM-1# set security analysis ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
no-report Stops security analysis reporting
The following hidden CLI commands are the equivalent of the J-Web Report menu in the Monitor tab:
root@SRX210-HM-1# run show security report threat ?   <-- Hidden command
Possible completions:
recent-activity Show the most recent threat activities
statistics Show the threat statistics
summary Show threat indicator summary
[edit]
root@SRX210-HM-1# run show security report threat recent-activity
From Email Severity Source IP Action TimeStamp
spamtest@spamtest.com info 16.16.16.1 BLOCKED 2012-03-05 15:11:05 UTC
Attack Name Severity Source IP/Port Destination IP/port Protocol Action TimeStamp
- info 16.16.16.1 /36733 16.16.16.2 /80 TCP TRAFFIC_IPACTION_NOTIFY 2012-03-05 15:11:05 UTC
[edit]
root@SRX210-HM-1# run show system uptime
Current time: 2012-03-05 15:12:45 UTC
System booted: 2012-03-04 21:58:51 UTC (17:13:54 ago)
Protocols started: 2012-03-04 22:02:04 UTC (17:10:41 ago)
Last configured: 2012-02-29 10:22:44 UTC (5d 04:50 ago) by root
3:12PM up 17:14, 1 user, load averages: 0.05, 0.03, 0.00
[edit]
root@SRX210-HM-1# run show security report threat summary
Threat activity summary:
Cumulative AV count : 0
Cumulative SPAM count : 1
Cumulative WEB filter content count: 0
Cumulative Content Filtering count : 0
Cumulative IDP attack count : 1
[edit]
root@SRX210-HM-1#
root@SRX210-HM-1# run show security report threat statistics | no-more
Threat Category Severity Hit Counts (24hr) Hit count (1hr)
ANTI_VIRUS emerg 0 0
ANTI_SPAM emerg 1 1
CONTENT_FILTER emerg 0 0
WEB_FILTER emerg 0 0
IDP emerg 1 1
Web Content Category Hit Counts (24hr) Hit count (1hr)
Adult_Sexually_Explicit 0 0
Advertisements 0 0
Arts_Entertainment 0 0
Chat 0 0
Computing_Internet 0 0
Criminal_Skills 0 0
Drugs_Alcohol_Tobacco 0 0
Education 0 0
Finance_Investment 0 0
Food_Drink 0 0
Gambling 0 0
Games 0 0
Glamour_Intimate_Apparel 0 0
Government_Politics 0 0
Hacking 0 0
Hate_Speech 0 0
Health_Medicine 0 0
Hobbies_Recreation 0 0
Hosting_Sites 0 0
Job_Search_Career_Development 0 0
Kids_Sites 0 0
Lifestyle_Culture 0 0
Motor_Vehicles 0 0
News 0 0
Personals_Dating 0 0
Photo_Searches 0 0
Real_Estate 0 0
Reference 0 0
Religion 0 0
Remote_Proxies 0 0
Sex_Education 0 0
Search_Engines 0 0
Shopping 0 0
Sports 0 0
Streaming_Media 0 0
Travel 0 0
Usenet_News 0 0
Violence 0 0
Weapons 0 0
Web_based_Email 0 0
Threat Name Category Source IP/Port Destination IP/port Protocol Action Hit Time Description
- ANTI_SPAM 16.16.16.1 /0 /0 BLOCKED 2012-03-05 15:11:05 UTC
IDP 16.16.16.1 /36733 16.16.16.2 /80 TRAFFIC_IPACTION_NOTIFY 2012-03-05 15:11:05 UTC
Time Count Critial threat Count Major threat Count Minor Threat Count
23 0 0 0
22 0 0 0
21 0 0 0
20 0 0 0
19 0 0 0
18 0 0 0
17 0 0 0
16 0 0 0
15 0 0 0
14 0 0 0
13 0 0 0
12 0 0 0
11 0 0 0
10 0 0 0
9 0 0 0
8 0 0 0
7 0 0 0
6 0 0 0
5 0 0 0
4 0 0 0
3 0 0 0
2 0 0 0
1 0 0 0
0 2 0 0
Interval Anti-Virus Anti-Spam Web Filter Content Filter IDP
23 0 0 0 0 0
22 0 0 0 0 0
21 0 0 0 0 0
20 0 0 0 0 0
19 0 0 0 0 0
18 0 0 0 0 0
17 0 0 0 0 0
16 0 0 0 0 0
15 0 0 0 0 0
14 0 0 0 0 0
13 0 0 0 0 0
12 0 0 0 0 0
11 0 0 0 0 0
10 0 0 0 0 0
9 0 0 0 0 0
8 0 0 0 0 0
7 0 0 0 0 0
6 0 0 0 0 0
5 0 0 0 0 0
4 0 0 0 0 0
3 0 0 0 0 0
2 0 0 0 0 0
1 0 0 0 0 0
0 0 1 0 0 1
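The following is an added example, not part of the original article or of Junos: a small Python parser for the "threat summary" and "threat statistics" output shown above, which picks out the threat categories with hits in the last hour. The function names are hypothetical, and how the CLI output is collected from the device is outside the example.

```python
import re

# Output copied from the transcripts on this page (whitespace as shown here).
SUMMARY = """\
Threat activity summary:
Cumulative AV count : 0
Cumulative SPAM count : 1
Cumulative WEB filter content count: 0
Cumulative Content Filtering count : 0
Cumulative IDP attack count : 1
"""
STATISTICS = """\
Threat Category Severity Hit Counts (24hr) Hit count (1hr)
ANTI_VIRUS emerg 0 0
ANTI_SPAM emerg 1 1
CONTENT_FILTER emerg 0 0
WEB_FILTER emerg 0 0
IDP emerg 1 1
Web Content Category Hit Counts (24hr) Hit count (1hr)
Adult_Sexually_Explicit 0 0
"""

SUMMARY_RE = re.compile(r"^Cumulative\s+(.+?)\s+count\s*:\s*(\d+)$")
CATEGORY_RE = re.compile(r"^([A-Z_]+)\s+(\w+)\s+(\d+)\s+(\d+)$")

def parse_summary(text):
    """Map each 'Cumulative <name> count : N' line to {name: N}."""
    hits = (SUMMARY_RE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): int(m.group(2)) for m in hits if m}

def parse_categories(text):
    """Return {category: (severity, hits_24h, hits_1h)} from the threat table only."""
    out, in_table = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Threat Category"):
            in_table = True
        elif in_table:
            m = CATEGORY_RE.match(line)
            if not m:
                break  # next header (Web Content Category) ends the table
            out[m.group(1)] = (m.group(2), int(m.group(3)), int(m.group(4)))
    return out

def active_categories(text):
    """Threat categories with at least one hit in the last hour."""
    return sorted(c for c, (_, _, h1) in parse_categories(text).items() if h1 > 0)

if __name__ == "__main__":
    print(parse_summary(SUMMARY), active_categories(STATISTICS))
```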