show firewall log

Syntax

Display log information about firewall filters.

none	Display log information about firewall filters.
detail	(Optional) Display detailed information.
extensive	(Optional) Display hex dump of packet captured by log action.
interface `interface-name`	(Optional) Display log information about a specific interface.
logical-system (`logical-system-name` \| all)	(Optional) Perform this operation on all logical systems or on a particular system.

view

Table 1 lists the output fields for the show firewall log command. Output fields are listed in the approximate order in which they appear.

Table 1: show firewall log Output Fields
Field Name	Field Description
`Time of Log`	Time that the event occurred.
`Filter`	Displays the name of a configured firewall filter or service filter only if the packet hit the filter’s `log` action in a kernel filter (in the control plane). For any traffic that reaches the Routing Engine, the packets hit the `log` action in the kernel. For all other logged packets (packet hit the filter’s `log` action in the Packet Forwarding Engine), this field displays `pfe` instead of a configured filter name.
`Filter Action`	Filter action: `A`—Accept `D`—Discard `R`—Reject
`Name of Interface`	Displays a physical interface name if the packet arrived at a port on a line card. Displays `local` if the packet was generated by the device's internal Ethernet interface, `em1` or `fxp1`, which connects the Routing Engine with the router’s packet-forwarding components.
`Name of protocol`	Packet’s protocol name: `egp`, `gre`, `icmp`, `ipip`, `ospf`, `pim`, `rsvp`, `tcp`, or `udp`.
`Packet length`	Length of the packet.
`Source address`	Packet’s source address.
`Destination address`	Packet’s destination address and port.

Command introduced before Junos OS Release 7.4.

extensive option introduced in Junos OS Release 16.1.

logical-system option introduced in Junos OS Release 9.3.