[SRX] How to perform logging for traffic (host-inbound traffic) that is destined for the device

  [KB26771]


Summary:
This article provides information on how to perform logging for traffic (host-inbound traffic) that is destined for the device.
Symptoms:
How to log host-inbound traffic; for example, routing protocols such as OSPF and BGP, SSH, and so on.
Cause:

Solution:
From 11.4R1, you can also create security policies for host-inbound traffic (refer to the Junos Release Notes 11.4R1, pages 163 and 224).
For more information, refer to the Junos® OS 11.4 Release Notes.

Security policies for self-traffic are configured under the new default security zone, known as the junos-host zone. To log this traffic, include the log action in the security policy, as shown below, just as you would for any other security policy. The following example logs the allowed traffic; you can configure a similar policy to log denied traffic:
root@SRX# show security policies 
from-zone trust to-zone junos-host {
    policy p1 {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
            log {
                session-init;
                session-close;
            }
        }
    }
}
Verification:

You can now check the local traffic log file or syslog server for traffic that is coming to junos-host:
Jan 21 18:20:12  240-3 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 172.27.199.166/12288->172.27.201.39/1024 icmp 172.27.199.166/12288->172.27.201.39/1024 None None 1 p1 trust junos-host 8224 N/A(N/A) ge-0/0/0.0
Jan 21 18:20:13  240-3 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed response received: 172.27.199.166/11520->172.27.201.39/1024 icmp 172.27.199.166/11520->172.27.201.39/1024 None None 1 p1 trust junos-host 8218 1(60) 1(60) 4   N/A(N/A) ge-0/0/0.0
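
As an added example (not part of the original article), the following Python sketch parses RT_FLOW lines like the two shown above and keeps only sessions whose destination zone is junos-host, which is a quick way to confirm on a syslog server that the policy is logging self-traffic. The field names and the third, constructed transit line are assumptions based on the layout of the sample output.

```python
import re
from collections import Counter

# Field names are this example's reading of the sample lines above,
# not an official Juniper schema. Only CREATE and CLOSE events are handled.
FLOW_RE = re.compile(
    r"RT_FLOW: (?P<event>RT_FLOW_SESSION_(?:CREATE|CLOSE)): .*?"
    r"(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"(?P<service>\S+) \S+->\S+ \S+ \S+ (?P<proto>\d+) "
    r"(?P<policy>\S+) (?P<from_zone>\S+) (?P<to_zone>\S+) (?P<session_id>\d+) "
    # CLOSE lines add packets(bytes) per direction and the elapsed time.
    r"(?:(?P<pkts_client>\d+)\((?P<bytes_client>\d+)\) "
    r"(?P<pkts_server>\d+)\((?P<bytes_server>\d+)\) (?P<elapsed>\d+)\s+)?"
    r"\S+ (?P<interface>\S+)\s*$"
)
INT_FIELDS = ("sport", "dport", "proto", "session_id", "pkts_client",
              "bytes_client", "pkts_server", "bytes_server", "elapsed")

# Lines 1-2 are the article's sample output; line 3 is constructed transit traffic.
SAMPLE = [
    "Jan 21 18:20:12  240-3 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 172.27.199.166/12288->172.27.201.39/1024 icmp 172.27.199.166/12288->172.27.201.39/1024 None None 1 p1 trust junos-host 8224 N/A(N/A) ge-0/0/0.0",
    "Jan 21 18:20:13  240-3 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed response received: 172.27.199.166/11520->172.27.201.39/1024 icmp 172.27.199.166/11520->172.27.201.39/1024 None None 1 p1 trust junos-host 8218 1(60) 1(60) 4   N/A(N/A) ge-0/0/0.0",
    "Jan 21 18:20:14  240-3 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.0.2.10/40000->198.51.100.5/443 junos-https 192.0.2.10/40000->198.51.100.5/443 None None 6 p2 trust untrust 8230 N/A(N/A) ge-0/0/0.0",
]

def parse_flow(line):
    """Return a dict of fields for one RT_FLOW line, or None if it does not match."""
    m = FLOW_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec

def host_inbound(lines, zone="junos-host"):
    """Keep only records whose destination zone is the device itself."""
    return [r for r in map(parse_flow, lines) if r and r["to_zone"] == zone]

def summarize(records):
    """Count events per (source address, service, policy, event type)."""
    return Counter((r["src"], r["service"], r["policy"], r["event"]) for r in records)

if __name__ == "__main__":
    for key, count in summarize(host_inbound(SAMPLE)).items():
        print(count, *key)
```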