[ScreenOS] How to suppress multicast deny logs from 'src zone=null' and 'dst zone=null'

Article ID: KB7066 KB Last Updated: 13 Mar 2013 Version: 4.0
Summary:
This article provides information on how to suppress multicast deny logs from src zone=null and dst zone=null.
Symptoms:
A large number of deny logs originate from source zone null to destination zone null:

[00001] 2004-01-14 18:56:01 [Root]system-notification-00257(traffic): start_time="2004-01-14 18:56:01" duration=0 policy_id=320001 service=ospf proto=89 src zone=Null dst zone=Null action=Deny sent=0 rcvd=64 src=10.1.1.1 dst=224.0.0.5

Cause:

Solution:
The following log message is a self log. Self logs are typically generated when traffic that is destined to or from the NetScreen device is dropped:

[00001] 2004-01-14 18:56:01 [Root]system-notification-00257(traffic): start_time="2004-01-14 18:56:01" duration=0 policy_id=320001 service=ospf proto=89 src zone=Null dst zone=Null action=Deny sent=0 rcvd=64 src=10.1.1.1 dst=224.0.0.5

In this case, the NetScreen device is trying to send an OSPF packet, but it is being dropped. This is the standard behavior, as the NetScreen device is not part of any OSPF area. These logs are generated because the NetScreen device is configured to log dropped packets that are either destined to or originate from the NetScreen device.

To continue the self logs, but eliminate the multicast logs, apply the following command:

set firewall log-self exclude multicast
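
Before applying the command, it helps to measure how much of the self-log volume is multicast. The following Python script is an added example, not part of the original article or any Juniper tooling: it parses traffic log lines in the format shown above and counts Null-zone deny entries whose destination is multicast. Assumptions: the sample lines other than the article's own OSPF entry are constructed, and "multicast" is taken to mean any destination in 224.0.0.0/4.

```python
import ipaddress
import re
from collections import Counter

# First line is the entry quoted in this article; the rest are constructed samples.
SAMPLE_LOG = """\
[00001] 2004-01-14 18:56:01 [Root]system-notification-00257(traffic): start_time="2004-01-14 18:56:01" duration=0 policy_id=320001 service=ospf proto=89 src zone=Null dst zone=Null action=Deny sent=0 rcvd=64 src=10.1.1.1 dst=224.0.0.5
[00002] 2004-01-14 18:56:11 [Root]system-notification-00257(traffic): start_time="2004-01-14 18:56:11" duration=0 policy_id=320001 service=ospf proto=89 src zone=Null dst zone=Null action=Deny sent=0 rcvd=64 src=10.1.1.1 dst=224.0.0.5
[00003] 2004-01-14 18:56:12 [Root]system-notification-00257(traffic): start_time="2004-01-14 18:56:12" duration=0 policy_id=320001 service=ospf proto=89 src zone=Null dst zone=Null action=Deny sent=0 rcvd=64 src=10.1.1.2 dst=224.0.0.6
[00004] 2004-01-14 18:56:15 [Root]system-notification-00257(traffic): start_time="2004-01-14 18:56:15" duration=0 policy_id=320001 service=icmp proto=1 src zone=Null dst zone=Null action=Deny sent=0 rcvd=84 src=192.0.2.7 dst=192.0.2.1
[00005] 2004-01-14 18:56:20 [Root]system-notification-00257(traffic): start_time="2004-01-14 18:56:20" duration=3 policy_id=5 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=420 rcvd=910 src=192.0.2.50 dst=198.51.100.9
"""

# "src zone" and "dst zone" contain a space, so try them before plain key names.
FIELD_RE = re.compile(r'(src zone|dst zone|\w+)=("[^"]*"|\S+)')


def parse_fields(line):
    """Return the key=value pairs of one traffic log line as a dict."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def is_null_zone_deny(fields):
    """True for a deny entry logged with both zones set to Null."""
    return (fields.get("action") == "Deny"
            and fields.get("src zone") == "Null"
            and fields.get("dst zone") == "Null")


def is_multicast_dst(fields):
    """True when dst parses as an IP address in the multicast range."""
    try:
        return ipaddress.ip_address(fields.get("dst", "")).is_multicast
    except ValueError:  # missing or malformed dst field
        return False


def summarize(log_text):
    """Count Null-zone denies: multicast per (service, dst), and all others."""
    multicast, other = Counter(), 0
    for line in log_text.splitlines():
        fields = parse_fields(line)
        if not is_null_zone_deny(fields):
            continue
        if is_multicast_dst(fields):
            multicast[(fields.get("service"), fields["dst"])] += 1
        else:
            other += 1
    return multicast, other


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run `summarize()` over an exported log to see which services and multicast groups account for the entries, and how many non-multicast self-log denies would remain.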
Additional information:

The get firewall command will provide the details of all the self logs that are enabled or disabled for a particular type of traffic:
get firewall
IKE : Off
SNMP: Off
ICMP: On
: Off
Deny exclude Multicast: On
TELNET : Off
SSH : Off
WEB : Off
NSM : Off
You can enable or disable the self log for any of the above traffic types by using the unset firewall log-self multicast command, which is the same as the set firewall log-self exclude multicast command.