show log messages.3.gz | match screen
Oct 09 12:30:19
Jul 19 18:17:02 rtr_199_w10_1G RT_IDS: RT_SCREEN_TCP: TCP sweep!
show system uptime
Oct 09 12:30:47
System booted: 2018-07-19 21:39:33 CDT
show configuration security screen | display set
Oct 09 12:34:25
set security screen ids-option untrust-screen icmp ip-sweep threshold 1000000
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip unknown-protocol
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-fin
set security screen ids-option untrust-screen tcp tcp-no-flag
set security screen ids-option untrust-screen tcp syn-frag
set security screen ids-option untrust-screen tcp port-scan threshold 1000000
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 1500
set security screen ids-option untrust-screen tcp syn-flood source-threshold 200
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 200
set security screen ids-option untrust-screen tcp syn-flood timeout 10
set security screen ids-option untrust-screen tcp land
set security screen ids-option untrust-screen tcp winnuke
set security screen ids-option untrust-screen tcp tcp-sweep threshold 1000000
set security screen ids-option untrust-screen udp udp-sweep threshold 1000000
set security screen ids-option untrust-screen limit-session source-ip-based 2000
set security screen ids-option untrust-screen limit-session destination-ip-based 2000
show configuration system syslog
Oct 09 12:31:21
user * {
    any critical;
}
host 10.x.x.x {
    any info;
    source-address 192.x.x.x.;
}
file messages {
    any warning;
    authorization warning;
}
file ids {
    any any;
    match RT_IDS;
    archive world-readable;
    structured-data;
}
show log ids
Oct 09 12:32:15
Jul 19 18:17:00 rtr_199_w10_1G newsyslog[75343]: logfile turned over due to -F request
<11>1 2018-07-19T18:17:02.309-05:00 rtr_199_w10_1G RT_IDS - RT_SCREEN_TCP [junos@2636.1.1.1.2.137 attack-name="TCP sweep!" source-address="113.x.x.x=" source-port="6000" destination-address="40.x.x.x." destination-port="1433" source-zone-name="untrust"