Example: Configuring AppTrack (CLI)

The following example enables AppTrack. The option selections specify that the first message is generated 1 minute after session start and that update messages are sent every 5 minutes after that until the session ends. A final message is sent at session end.

  1. Configure the remote syslog device to receive AppTrack messages.
    [edit]user@host# set security log format syslog user@host# set security log source-address 5.0.0.254 user@host# set security log stream idpdata host 5.0.0.1
  2. Navigate to the security level of the hierarchy.
    [edit]user@host# edit security
  3. Enable AppTrack for the security zone trust.
    [edit security]user@host# set zone security-zone trust application-tracking
  4. Generate update messages every 5 minutes.
    [edit security]user@host# set application-tracking session-update-interval 5
  5. Generate the first message 1 minute after session start.
    [edit security]user@host# set application-tracking first-update-interval 1

    Alternatively, to generate a message at session start and send update messages every 5 minutes after that, you could use the first-update option instead of the first-update-interval option.

    [edit security]user@host# set application-tracking first-update

    Note: If you specify both the first-update option and the first-update-interval option, the first-update-interval value is ignored.

  6. To verify that AppTrack is enabled and to check your settings, navigate to the top of the hierarchy and display the AppTrack configuration. In the following example, the application-tracking portion of the configuration listing shows 5-minute and 1-minute settings for the update intervals as configured in the previous steps.
    user@host# top[edit]user@host# show security application-tracking
    ...
    security {
         ...
         application-tracking {    
               session-update-interval 5;           #5 minutes
               first-update-interval 1;             #1 minute
         }
    
         ...
    }
    
  7. If you are finished configuring the device, commit the configuration.
    [edit]user@host# commit

For command option descriptions and values, see the JUNOS Software CLI Reference.

For general information about managing system log files, see the JUNOS Software Administration Guide for Security Devices.