
Verifying the Policy Compilation and Load Status

Purpose

Display the IDP log files to verify the IDP policy load and compilation status. When you activate an IDP policy, you can view the IDP logs to verify whether the policy compiled and loaded successfully.

Action

To track the load and compilation progress of an IDP policy, configure either one or both of the following in the CLI:

After committing the configuration in the CLI, enter either of the following commands from the shell prompt in the UNIX-level shell:

Sample Output


user@host> start shell
user@host% tail -f /var/log/idpd
Jun  9 18:15:40 logmsg <valid license found for feature 20>
Jun  9 18:15:40 IDP feature license status: Valid license installed.
Jun  9 18:15:40 idpd commit start...
Jun  9 18:15:40 Entering enable processing.
Jun  9 18:15:40 Enable value (default)
Jun  9 18:15:40 IDP processing default.
...
Jun  9 18:15:40 Apply policy configuration, policy ops bitmask = 45
Jun  9 18:15:40 Starting policy (idpengine) compile...
Jun  9 18:16:10 policy compilation memory estimate: 57126048
Jun  9 18:16:10 ...Passed       (Shows that the policy compilation is successful)
Jun  9 18:16:10 Starting policy package...
Jun  9 18:16:12 ...Policy Packaging Passed
Jun  9 18:16:12 Starting policy load...
Jun  9 18:16:12 Loading policy(/var/db/idpd/bins/idpengine.bin.gz.v + /var/db/idpd/sec-repository/libidp-detector.so.gz.v + /var/db/idpd/bins/compiled_ai.bin)...
Jun  9 18:16:12 idpd_dev_add_ipc_connection called..
...
Jun  9 18:16:20 Reading sensor config...
Jun  9 18:16:20 sensor/idp node does not exist, apply defaults
Jun  9 18:16:20 idpd_dev_add_ipc_connection called...
Jun  9 18:16:20 idpd_dev_add_ipc_connection: done.
...
Jun  9 18:16:20 sensor conf successful
Jun  9 18:16:20
...idpd commit end
Jun  9 18:16:20 Returning from commit mode, status = 0. (Shows the policy load is successful)

Sample Output


user@host> start shell
user@host% tail -f /var/log/messages
Jun 24 17:34:38  turtlebert mgd[4786]: UI_COMMIT_PROGRESS: Commit operation in progress: activating '/var/run/db/juniper.data'
Jun 24 17:34:38  turtlebert mgd[4786]: UI_COMMIT_PROGRESS: Commit operation in progress: notifying daemons of new configuration
Jun 24 17:34:38  turtlebert mgd[4786]: UI_COMMIT_PROGRESS: Commit operation in progress:  notifying idpd(62)
Jun 24 17:34:38  turtlebert mgd[4786]: UI_COMMIT_PROGRESS: Commit operation in progress: signaling 'IDP policy daemon', pid 4699, signal 1, status 0 with notification errors enabled
...
Jun 24 17:34:45  turtlebert idpd[4699]: IDP_POLICY_LOAD_SUCCEEDED: IDP policy[/var/db/idpd/bins/test.bin.gz.v] and detector[/var/db/idpd/sec-repository/libidp-detector.so.gz.v] loaded successfully.

IDPD Trace file:

...
Jun 24 12:10:27 idpd_policy_load: idp policy pre-install succeeded
Jun 24 12:10:27 idpd_comm_server_get_event:478: evGetNext got event.
Jun 24 12:10:27 idpd_comm_server_get_event:486: evDispatch OK
...
Jun 24 12:10:27 idpd_policy_load: idp policy install succeeded
Jun 24 12:10:27 idpd_comm_server_get_event:486: evDispatch OK
...
Jun 24 12:10:27 idpd_policy_load: idp policy post-install succeeded
Jun 24 12:10:28 Reading sensor config...
Jun 24 12:10:28 sensor/idp node does not exist, apply defaults
Jun 24 12:10:28 sensor conf successful
Jun 24 12:10:28
...idpd commit end
Jun 24 12:10:28 Returning from commit mode, status = 0.

Meaning

The output displays log messages showing the procedures that run in the background after you commit the set security idp active-policy command. This sample output shows that the policy compilation, sensor configuration, and policy load are successful.
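
The success markers in the idpd sample output can also be checked by script instead of by eye. The following is an added example, not part of the original documentation or of JUNOS; the function names idp_commit_summary, idp_commit_ok, and sample_idpd_log are hypothetical, and because the page shows only success messages, a missing marker is reported as "unconfirmed" rather than as a specific failure.

```shell
#!/bin/sh
# Added example, not Juniper code. It matches only the success markers that
# appear in the sample idpd output; failure wording is not shown on the page,
# so a missing marker is reported as "unconfirmed".

# Summarise the most recent commit cycle. Reads the named log file(s), or
# standard input when called without arguments.
idp_commit_summary() {
    awk '
        BEGIN { compile = pkg = "unconfirmed"; status = "none" }
        # A new cycle resets the state, so only the last cycle is reported.
        /idpd commit start/ { compile = pkg = "unconfirmed"; status = "none"; in_compile = 0 }
        /Starting policy .*compile/ { in_compile = 1; next }
        # "...Passed" counts only while a compile is in progress.
        in_compile && /\.\.\.Passed/ { compile = "ok"; in_compile = 0 }
        /Starting policy package/ { in_compile = 0 }
        /\.\.\.Policy Packaging Passed/ { pkg = "ok" }
        /Returning from commit mode, status = / {
            status = $0
            sub(/.*status = /, "", status)   # drop everything before the value
            sub(/[^0-9-].*/, "", status)     # drop the trailing "." and notes
        }
        END { printf "compile=%s package=%s commit_status=%s\n", compile, pkg, status }
    ' "$@"
}

# Exit status 0 only when compile, packaging and commit all report success.
idp_commit_ok() {
    [ "$(idp_commit_summary "$@")" = "compile=ok package=ok commit_status=0" ]
}

# Constructed sample input, abridged from the idpd sample output above.
sample_idpd_log() {
    cat <<'EOF'
Jun  9 18:15:40 idpd commit start...
Jun  9 18:15:40 Starting policy (idpengine) compile...
Jun  9 18:16:10 policy compilation memory estimate: 57126048
Jun  9 18:16:10 ...Passed
Jun  9 18:16:10 Starting policy package...
Jun  9 18:16:12 ...Policy Packaging Passed
Jun  9 18:16:12 Starting policy load...
Jun  9 18:16:20 sensor conf successful
Jun  9 18:16:20 Returning from commit mode, status = 0.
EOF
}

sample_idpd_log | idp_commit_summary
```

To check a real device log, pass a copy of /var/log/idpd as the argument to idp_commit_ok and test its exit status.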

Related Topics

To display the policy that is currently active, run the show security idp status command. For a complete description of this command, see the JUNOS Software CLI Reference.

