TechLibrary

Navigation

Supported Platforms

Logging of Packet Headers Evaluated by a Firewall Filter Term

Built in to the stateless firewall filtering software is the capability to log packet-header information for the packets evaluated by a stateless firewall filter term. You can write the packet header information to the system log file on the local Routing Engine or to a firewall filter buffer in the Packet Forwarding Engine. Logging of packet headers evaluated by firewall filters is supported for standard stateless firewall filters for IPv4 or IPv6 traffic only. Service filters and simple filters do not support logging of packet headers.

Table 1 lists the packet-header logs you can configure for a firewall filter action.

Table 1: Packet-Header Logs for Stateless Firewall Filter Terms

Log	Description	Configuration Statements
Syslog message destinations configured for the firewall facility	Configure this option by using the syslog nonterminating action. Note: Packet header information is interspersed with event messages. To list log files, enter the show log operational mode command without command options. To display log file contents for a specific file in the /var/log directory on the local Routing Engine, enter the show log filename operational mode command or the file show /var/log/filename operational mode command. To clear log file contents, enter the clear log filename <all> operational mode command. If you include the all option, the specified log file is truncated, all archived versions of the log file are deleted.	firewall {family {filter filter-name {from {match-conditions;}then {...syslog;terminating-action;}}}}
Buffer in the Packet Forwarding Engine	Configure this option by using the log nonterminating action. Note: Restarting the router (or switch) causes the contents of this buffer to be cleared. To display the local log entries for firewall filters, enter the show firewall log operational mode command.	firewall {family {filter filter-name {from {match-conditions;}then {...log;terminating-action;}}}}

Log

Description

Configuration Statements

Syslog message destinations configured for the firewall facility

Configure this option by using the syslog nonterminating action.

Note: Packet header information is interspersed with event messages.

To list log files, enter the show log operational mode command without command options.

To display log file contents for a specific file in the /var/log directory on the local Routing Engine, enter the show log filename operational mode command or the file show /var/log/filename operational mode command.

To clear log file contents, enter the clear log filename <all> operational mode command. If you include the all option, the specified log file is truncated, all archived versions of the log file are deleted.

firewall {family {filter filter-name {from {match-conditions;}then {...syslog;terminating-action;}}}}

Buffer in the Packet Forwarding Engine

Configure this option by using the log nonterminating action.

Note: Restarting the router (or switch) causes the contents of this buffer to be cleared.

To display the local log entries for firewall filters, enter the show firewall log operational mode command.

firewall {family {filter filter-name {from {match-conditions;}then {...log;terminating-action;}}}}

TechLibrary

Supported Platforms

Related Documentation

Logging of Packet Headers Evaluated by a Firewall Filter Term

Related Documentation

Published: 2013-04-10

Supported Platforms

Related Documentation

Published: 2013-04-10