Policy Framework Configuration Guide - Juniper Networks

Junos 10.4 Policy Framework Configuration Guide
}
}
}
This configuration causes the system log to write any messages with the syslog facility
of firewall to the file /var/log/filter. This keeps the messages out of the main system log
file and makes them easier to find.
Example: Configuring Firewall Filter System Logging
Create a filter that logs and counts ICMP packets that have 192.168.207.222 as either
their source or destination:
[edit]
firewall {
family inet {
filter icmp-syslog {
term icmp-match {
from {
address {
192.168.207.222/32;
}
protocol icmp;
}
then {
count packets;
syslog;
accept;
}
}
term default {
then accept;
}
}
}
}
Enter the show log filter command to display the results:
root@hostname> show log filter
Mar 20 08:03:11 hostname feb FW: so-0/1/0.0 A icmp 192.168.207.222
192.168.207.223 0 0 (1 packets)
This output file contains the following fields:
• Date and Time—Date and time at which the packet was received (not shown in the
default).
• Filter action:
• A—Accept (or next term)
• D—Discard
• R—Reject
• Protocol—Packet’s protocol name or number.
274
Copyright © 2010, Juniper Networks, Inc.