
System Logging of Events Generated for the Firewall Facility

System log messages generated for firewall filter actions belong to the firewall facility. Just as you can for any other Junos OS system logging facility, you can direct firewall facility syslog messages to one or more specific destinations: to a specified file, to the terminal session of one or more logged in users (or to all users), to the router (or switch) console, or to a remote host or the other Routing Engine on the router (or switch).

When you configure a syslog message destination for firewall facility syslog messages, you include a statement at the [edit system syslog] hierarchy level, and you specify the firewall facility name together with a severity level. Messages from the firewall that are rated at the specified level or more severe are logged to the destination.

System log messages with the DFWD_ prefix are generated by the firewall process (dfwd), which manages compilation and downloading of Junos OS firewall filters. System log messages with the PFE_FW_ prefix are messages about firewall filters, generated by the Packet Forwarding Engine controller, which manages packet forwarding functions. For more information, see the Junos OS System Log Messages Reference.

Table 1 lists the system log destinations you can configure for the firewall facility.

Table 1: Syslog Message Destinations for the Firewall Facility

Destination

Description

Configuration Statements

File

Configuring this option keeps the firewall syslog messages out of the main system log file.

To include priority and facility with messages written to the file, include the explicit-priority statement.

To override the default standard message format, which is based on a UNIX system log format, include the structured-data statement.

When the structured-data statement is included, other statements that specify the format for messages written to the file are ignored (the explicit-priority statement at the [edit system syslog file filename] hierarchy level and the time-format statement at the [edit system syslog] hierarchy level).

[edit]
system {
    syslog {
        file filename {
            firewall severity;
            allow-duplicates; # File option
            archive archive-options; # File option
            explicit-priority; # File option
            structured-data; # File option
        }
        allow-duplicates; # All destinations
        archive archive-options; # All files
        time-format (option); # Local destinations
    }
}

Terminal session

Configuring this option causes a copy of the firewall syslog messages to be written to the specified terminal sessions. Specify one or more user names, or specify * for all logged in users.

[edit]
system {
    syslog {
        user (username | *) {
            firewall severity;
        }
        time-format (option); # Local destinations
    }
}

Router (or switch) console

Configuring this option causes a copy of the firewall syslog messages to be written to the router (or switch) console.

[edit]
system {
    syslog {
        console {
            firewall severity;
        }
        time-format (option); # Local destinations
    }
}

Remote host or the other Routing Engine

Configuring this option causes a copy of the firewall syslog messages to be written to the specified remote host or to the other Routing Engine.

To override the default alternative facility for forwarding firewall syslog messages to a remote machine (local3), include the facility-override firewall statement.

To include priority and facility with messages written to the file, include the explicit-priority statement.

[edit]
system {
    syslog {
        host (hostname | other-routing-engine) {
            firewall severity;
            allow-duplicates; # Host option
            archive archive-options; # File option
            facility-override firewall; # Host option
            explicit-priority; # Host option
        }
        allow-duplicates; # All destinations
        archive archive-options; # All files
        time-format (option); # Local destinations
    }
}

By default, the timestamp recorded in a standard-format system log message specifies the month, date, hour, minute, and second when the message was logged, as in the example:

Sep 07 08:00:10

To include the year, the millisecond, or both in the timestamp for all system logging messages, regardless of the facility, include one of the following statements at the [edit system syslog] hierarchy level:

  • time-format year;
  • time-format millisecond;
  • time-format year millisecond;

The following example illustrates the format for a timestamp that includes both the millisecond (401) and the year (2010):

Sep 07 08:00:10.401.2010
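
An added example (not part of the Juniper documentation): a Python parser for the two timestamp forms shown above that also classifies a message by its DFWD_ or PFE_FW_ prefix, as a log collector might before correlating events. The sample lines, their hostname and process fields, and the *_SAMPLE_TAG names are constructed, and assumed_year is a hypothetical parameter for lines logged without a year.

```python
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# Timestamp forms shown on this page:
#   default:               "Sep 07 08:00:10"
#   year and millisecond:  "Sep 07 08:00:10.401.2010"
# Any other suffix is rejected instead of being silently misread.
TS_RE = re.compile(
    r"^(?P<mon>" + "|".join(MONTHS) + r") +(?P<day>\d{1,2}) "
    r"(?P<hms>\d{2}:\d{2}:\d{2})"
    r"(?:\.(?P<ms>\d{3})\.(?P<year>\d{4}))?(?= |$)")
TAG_RE = re.compile(r"\b(?P<tag>(?:DFWD|PFE_FW)_[A-Z0-9_]+)")
SOURCES = {"DFWD": "firewall process (dfwd)",
           "PFE_FW": "Packet Forwarding Engine controller"}

# Constructed sample lines; the tag names are placeholders, not real tags.
SAMPLE = [
    "Sep 07 08:00:10 router1 dfwd[1234]: DFWD_SAMPLE_TAG: constructed text",
    "Sep 07 08:00:10.401.2010 router1 fpc0 PFE_FW_SAMPLE_TAG: constructed text",
]


def parse_line(line, assumed_year):
    """Return (timestamp, year_known, tag, source) for one syslog line.

    assumed_year (hypothetical parameter) is used only when the line has no
    year, as with the default time format; year_known is then False so the
    caller can flag the event as ambiguous across a year boundary.
    """
    m = TS_RE.match(line)
    if not m:
        raise ValueError("unrecognized timestamp: %r" % line)
    year = int(m["year"]) if m["year"] else assumed_year
    h, mi, s = map(int, m["hms"].split(":"))
    ts = datetime(year, MONTHS[m["mon"]], int(m["day"]), h, mi, s,
                  int(m["ms"] or 0) * 1000)
    t = TAG_RE.search(line, m.end())
    tag = t["tag"] if t else None
    source = None
    if tag:
        source = SOURCES["PFE_FW" if tag.startswith("PFE_FW_") else "DFWD"]
    return ts, m["year"] is not None, tag, source


if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(parse_line(sample_line, assumed_year=2010))
```

Lines in the default format come back with year_known set to False, which is the practical reason to configure time-format year on devices whose logs are kept or correlated across a year boundary.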
 


Published: 2013-04-10

 
