SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  how to check deny traffic log in cli and webui

    Posted 12-24-2019 08:48

    Hi,

    We have configured below security policy but we are not getting deny log of source IP

     

    set security policies from-zone External to-zone DMZ policy DenyALL match source-address any-ipv4
    set security policies from-zone External to-zone DMZ policy DenyALL match destination-address any
    set security policies from-zone External to-zone DMZ policy DenyALL match application any
    set security policies from-zone External to-zone DMZ policy DenyALL then deny
    set security policies from-zone External to-zone DMZ policy DenyALL then log session-init
    set security policies from-zone External to-zone DMZ policy DenyALL then log session-close


    set system syslog file Denied-Traffic any any
    set system syslog file Denied-Traffic match RT_FLOW_SESSION_DENY

     

    Please suggest which command will help me to get the "deny" logs.   in CLI as we Webui.

    Please suggest if any additional config is required.

     

    Thanks in advance...



  • 2.  RE: how to check deny traffic log in cli and webui
    Best Answer

    Posted 12-24-2019 08:57

    Hi Target,

     

    1. "then log session-close" statement is not needed. The option used to log the traffic being denied is "then log session-init".

     

    2. Set the security logging mode to "event":

     

    # set security log mode event
    # commit

     

    3. If after the above changes you are still not seeing the logs, try with a broader match statement in the syslog file:

     

    # set system syslog file Denied-Traffic match RT_FLOW
    # commit
    # run show log Denied-Traffic