show security log
Syntax
Release Information
Command introduced in Release 11.2 of Junos OS.
Description
Display security event logs. This command continuously displays security events on the screen. To stop the display, press Ctrl+c.
Options
Option | Description |
---|---|
all | Displays all audit event logs stored in the device memory. |
destination-address | Displays audit event logs with the specified destination address. |
destination-port | Displays audit event logs with the specified destination port. |
event-id | Displays audit event logs with the specified event identification number. |
failure | Displays failed audit event logs. |
interface-name | Displays audit event logs with the specified interface. |
newer-than | Displays audit event logs newer than the specified date and time. |
older-than | Displays audit event logs older than the specified date and time. |
process | Displays audit event logs with the specified process that generated the event. |
protocol | Displays audit event logs generated through the specified protocol. |
severity | Displays audit event logs generated with the specified severity. |
sort-by | Displays audit event logs sorted by the specified options. |
source-address | Displays audit event logs with the specified source address. |
source-port | Displays audit event logs with the specified source port. |
success | Displays successful audit event logs. |
username | Displays audit event logs generated for the specified user. |
Required Privilege Level
view
List of Sample Output
show security log
Output Fields
Table 1 lists the output fields for the show security log command. Output fields are listed in the approximate order in which they appear.
Table 1: show security log Output Fields
Field Name | Field Description |
---|---|
Event time | The timestamp of the events received. On SRX Series devices, security logs were previously always timestamped in the UTC time zone, by running the set system time-zone utc and set security log utc-timestamp CLI commands. The time zone can now be set to the local time zone by running the set system time-zone time-zone command, which specifies the local time zone that the system uses when timestamping the security logs. |
Message | Security events are listed. |
Sample Output
show security log
user@host> show security log
Event time               Message
2010-10-22 13:28:37 CST  session created 1.1.1.2/1->2.2.2.2/1308 icmp 1.1.1.2/1->2.2.2.2/1308 None None 1 policy1 trustZone untrustZone 52 N/A(N/A) ge-0/0/1.0
2010-10-22 13:28:38 CST  session created 1.1.1.2/2->2.2.2.2/1308 icmp 1.1.1.2/2->2.2.2.2/1308 None None 1 policy1 trustZone untrustZone 54 N/A(N/A) ge-0/0/1.0
...
2010-10-22 13:36:12 CST  session denied 1.1.1.2/1->2.2.2.2/54812 icmp 1(8) policy1 trustZone untrustZone N/A(N/A) ge-0/0/1.0
2010-10-22 13:36:14 CST  session denied 1.1.1.2/2->2.2.2.2/54812 icmp 1(8) policy1 trustZone untrustZone N/A(N/A) ge-0/0/1.0
...
2010-10-27 15:50:11 CST  IP spoofing! source: 2.2.2.20, destination: 2.2.2.2, protocol-id: 17, zone name: trustZone, interface name: ge-0/0/1.0, action: drop
2010-10-27 15:50:11 CST  IP spoofing! source: 2.2.2.20, destination: 2.2.2.2, protocol-id: 17, zone name: trustZone, interface name: ge-0/0/1.0, action: drop
...
2011-02-18 15:53:34 CST  PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/common/certification-authority/ca-profile1-ca1.cert
2011-02-18 15:53:35 CST  PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/common/crl/ca-profile1.crl
2011-02-18 15:53:35 CST  PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/system-key-pair/system-generated.priv
2011-02-18 15:53:35 CST  PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/system-cert/system-generated.cert
2011-02-18 15:53:35 CST  PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/common/key-pair/cert1.priv
2011-02-18 15:53:42 CST  PKID_PV_OBJECT_READ: A PKI object was read into memory from /var/db/certs/common/key-pair/test2.priv
...
2011-03-14 23:00:40 PDT  IDP_COMMIT_COMPLETED: IDP policy commit is complete. IDP_POLICY_LOAD_FAILED: IDP policy loading failed ;policy[/var/db/idpd/bins/.bin.gz.v], detector[/usr/libdata/libidp-detector.so.tgz.v] ,failure detail[Policy loading failed :: Policy file not found
2011-03-14 23:00:58 PDT  ] IDP_POLICY_LOAD_FAILED: IDP policy loading failed ;policy[/var/db/idpd/bins/.bin.gz.v], detector[/usr/libdata/libidp-detector.so.tgz.v] ,failure detail[Policy loading failed :: Policy file not found
2011-03-14 23:00:58 PDT  ] IDP_POLICY_LOAD_FAILED: IDP policy loading failed ;policy[/var/db/idpd/bins/.bin.gz.v], detector[/usr/libdata/libidp-detector.so.tgz.v] ,failure detail[Policy loading failed :: Policy file not found
2011-03-14 23:00:58 PDT  ]
...
Event time               Message
2011-03-21 14:21:49 CST  UI_CMDLINE_READ_LINE: User 'root', command 'set date ntp 9.9.9.1 source-address 6.6.6.1 '
2011-03-21 14:23:01 CST  UI_CMDLINE_READ_LINE: User 'root', command 'set date ntp 9.9.9.1 source-address 6.6.6.1 '
2011-03-21 14:23:05 CST  KMD_PM_SA_ESTABLISHED: Local gateway: 7.7.7.1, Remote gateway: 8.8.8.1, Local ID: ipv4(any:0,[0..3]=6.6.6.1), Remote ID: ipv4(any:0,[0..3]=9.9.9.1), Direction: inbound, SPI: 37a2a179, AUX-SPI: 0, Mode: tunnel, Type: dynamic
2011-03-21 14:23:05 CST  KMD_PM_SA_ESTABLISHED: Local gateway: 7.7.7.1, Remote gateway: 8.8.8.1, Local ID: ipv4(any:0,[0..3]=6.6.6.1), Remote ID: ipv4(any:0,[0..3]=9.9.9.1), Direction: outbound, SPI: b2231c1f, AUX-SPI: 0, Mode: tunnel, Type: dynamic
2011-03-21 14:23:08 CST  UI_CMDLINE_READ_LINE: User 'root', command 'set date ntp 9.9.9.1 source-address 6.6.6.1 '
2011-03-21 14:23:13 CST  UI_CMDLINE_READ_LINE: User 'root', command 'show security log '
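Because Event time may be printed in UTC or in a local time zone, captured output from several devices has to be normalized before events can be correlated. The following is an added example, not part of the Junos documentation: a Python sketch that splits saved show security log output at each timestamp (so wrapped messages stay whole), converts the times to UTC, and counts denied and spoofed sources. The sample text, the TZ_OFFSETS table and the function names are assumptions made for illustration; zone abbreviations such as CST are ambiguous, so the offsets must come from the device's configured time zone.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample based on the sample output above; the last entry's zone is changed to UTC.
SAMPLE = """\
Event time               Message
2010-10-22 13:36:12 CST  session denied 1.1.1.2/1->2.2.2.2/54812 icmp 1(8) policy1 trustZone untrustZone N/A(N/A) ge-0/0/1.0
2010-10-22 13:36:14 CST  session denied 1.1.1.2/2->2.2.2.2/54812 icmp 1(8) policy1 trustZone untrustZone N/A(N/A) ge-0/0/1.0
2010-10-27 15:50:11 CST  IP spoofing! source: 2.2.2.20, destination: 2.2.2.2, protocol-id: 17, zone name: trustZone, interface name: ge-0/0/1.0, action: drop
2011-03-21 14:23:13 UTC  UI_CMDLINE_READ_LINE: User 'root', command 'show security log '
"""

# Assumption: hours east of UTC, supplied by the analyst from each device's
# configured time zone. Abbreviations alone are ambiguous (CST has several meanings).
TZ_OFFSETS = {"UTC": 0, "CST": -6, "PDT": -7}

STAMP = re.compile(r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ([A-Z]{2,5})\s+")
DENIED = re.compile(r"session denied (\S+?)/\d+->")
SPOOF = re.compile(r"IP spoofing! source: ([^,\s]+),")

def parse_events(text):
    """Return (utc_datetime, message) pairs, splitting at each timestamp."""
    parts = STAMP.split(text)  # [header, ts, tz, msg, ts, tz, msg, ...]
    events = []
    for ts, tz, msg in zip(parts[1::3], parts[2::3], parts[3::3]):
        if tz not in TZ_OFFSETS:
            raise ValueError(f"unknown time zone abbreviation: {tz}")
        local = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        utc = (local - timedelta(hours=TZ_OFFSETS[tz])).replace(tzinfo=timezone.utc)
        events.append((utc, " ".join(msg.split())))  # rejoin wrapped message lines
    return events

def blocked_sources(events):
    """Count 'session denied' and 'IP spoofing!' events per source address."""
    hits = Counter()
    for _, msg in events:
        m = DENIED.search(msg) or SPOOF.search(msg)
        if m:
            hits[m.group(1)] += 1
    return hits

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for when, msg in evs:
        print(when.isoformat(), msg[:60])
    print(blocked_sources(evs).most_common())
```

An unknown abbreviation raises an error rather than being guessed, which keeps a mislabelled offset from silently shifting a timeline.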