Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    show firewall log

    Syntax

    show firewall log <detail><interface interface-name><logical-system (logical-system-name | all)>

    Syntax (EX Series Switches)

    show firewall log <detail><interface interface-name>

    Release Information

    Command introduced before Junos OS Release 7.4.

    Command introduced in Junos OS Release 9.0 for EX Series switches.

    logical-system option introduced in Junos OS Release 9.3.

    Description

    Display log information about firewall filters.

    Options

    none

    Display log information about firewall filters.

    detail

    (Optional) Display detailed information.

    interface interface-name

    (Optional) Display log information about a specific interface.

    logical-system (logical-system-name | all)

    (Optional) Perform this operation on all logical systems or on a particular system.

    Required Privilege Level

    view

    List of Sample Output

    show firewall log
    show firewall log detail

    Output Fields

    Table 1 lists the output fields for the show firewall log command. Output fields are listed in the approximate order in which they appear.

    Table 1: show firewall log Output Fields

    Field Name

    Field Description

    Time of Log

    Time that the event occurred.

    Filter

    • Displays the name of a configured firewall filter or service filter only if the packet hit the filter’s log action in a kernel filter (in the control plane). For any traffic that reaches the Routing Engine, the packets hit the log action in the kernel.
    • For all other logged packets (packet hit the filter’s log action in the Packet Forwarding Engine), this field displays pfe instead of a configured filter name.

    Filter Action

    Filter action:

    • A—Accept
    • D—Discard
    • R—Reject

    Name of Interface

    • Displays a physical interface name if the packet arrived at a port on a line card.
    • Displays local if the packet was generated by the device's internal Ethernet interface, em1 or fxp1, which connects the Routing Engine with the router’s packet-forwarding components.

    Name of protocol

    Packet’s protocol name: egp, gre, icmp, ipip, ospf, pim, rsvp, tcp, or udp.

    Packet length

    Length of the packet.

    Source address

    Packet’s source address.

    Destination address

    Packet’s destination address and port.

    Sample Output

    show firewall log

    user@host>show firewall log
    Time      Filter    Action Interface     Protocol  Src Addr      Dest Addr       
13:10:12  pfe       D      rlsq0.902     ICMP      180.1.177.2   180.1.177.1                   
13:10:11  pfe       D      rlsq0.902     ICMP      180.1.177.2   180.1.177.1

    show firewall log detail

    user@host> show firewall log detail
    Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of 
interface: fxp0.0Name of protocol: TCP, Packet Length: 50824, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 1020, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
Time of Log: 2004-10-13 10:37:17 PDT, Filter: f, Filter action: accept, Name of interface: fxp0.0
Name of protocol: TCP, Packet Length: 49245, Source address: 172.17.22.108:829, 
Destination address: 192.168.70.66:513
....

    Published: 2014-04-24

    Supported Platforms

    Published: 2014-04-24

    Previous Page Next Page