Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How to filter and sort traffic or event logs?

0

0

Article ID: KB7007 KB Last Updated: 20 Mar 2020Version: 7.0
Summary:

This article explains how to filter and sort traffic or event logs.

Solution:

The ability to filter and sort traffic or event logs with start-date, end-date, start-time, or end-time is available beginning in ScreenOS 5.0. To filter, by using one of these parameters, enter one of the following CLI commands:

To filter Traffic and Self Logs:

get log < traffic | self > < start-date| end-date > < mm/dd [ /yyyy-hh:mm:ss ] >
or
get log < traffic | self > < start-time | end-time > < hh:mm:ss >

To filter Event Logs:

get event < start-date | end-date > < mm/dd [ /yyyy-hh:mm:ss ] >
or
get event < start-time | end-time > < hh:mm:ss >

To sort entries:

Log entries can also be sorted by Source IP, Destination IP, date, or time. All of the commands are available only via the CLI. The syntax is as follows:

get log < traffic | self > sort-by < date | dst-ip | src-ip | time >
or
get event sort-by < date | dst-ip | src-ip | time >

Additional log and event options can be found in the ScreenOS Documentation.

Update for new ScreenOS version:

On ScreenOS 6.2r3 or earlier, you can use more filter key words such as:

ns5k-a-> get log tr ?

> redirect output
| match output
<return>
detail log detail level
dst-ip show traffic to destination IPs
dst-port show traffic to destination ports
end-date stop date
end-time stop time
in-interface show traffic according to in interface
max-duration max duration
min-duration min duration
no-rule-displayed not show rule info
out-interface show traffic according to out interface
policy show traffic under policies
protocol show traffic to protocol
service show traffic under any service
sort-by show sorted traffic log
src-ip show traffic from source IPs
src-port show traffic from source ports
start-date start date
start-time start time

These events get overwritten in the FIFO method by new entries when their respective buffer/memory is full. There is separate buffer space to store these events. Refer KB14020 - Explanation of "get event" for more details about the event buffers and their segregation.

 

Modification History:
2020-03-20: Minor, non-technical update.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search