show security alarms
Syntax
show security alarms <detail> <alarm-id id-number> <alarm-type [ types ]> <newer-than YYYY-MM-DD.HH:MM:SS> <older-than YYYY-MM-DD.HH:MM:SS> <process process> <severity severity>
Description
Display the alarms that are active on the device. Run this command when the CLI prompt indicates that a security alarm has been raised, as shown here:
[1 SECURITY ALARM] user@host#
Options
none | Display all active alarms. |
detail | (Optional) Display detailed output. |
alarm-id id-number | (Optional) Display the specified alarm. |
alarm-type [ types ] | (Optional) Display the specified alarm type or a set of types. You can specify one or more of the following alarm types:
|
newer-than YYYY-MM-DD.HH:MM:SS | (Optional) Display active alarms that were raised after the specified date and time. |
older-than YYYY-MM-DD.HH:MM:SS | (Optional) Display active alarms that were raised before the specified date and time. |
process process | (Optional) Display active alarms that were raised by the specified system process. |
severity severity | (Optional) Display active alarms of the specified severity. You can specify the following severity levels:
|
Required Privilege Level
security—To view this statement in the configuration.
Output Fields
Table 1 lists the output fields for the show security alarms command. Output fields are listed in the approximate order in which they appear. Field names might be abbreviated (as shown in parentheses) when no level of output is specified or when the detail keyword is used.
Field Name | Field Description | Level of Output |
---|---|---|
 | Identification number of the alarm. | All levels |
 | Date and time the alarm was raised. | All levels |
 | Information about the alarm, including the alarm type, username, IP address, and port number. | All levels |
 | System process (for example, login or sshd) and process identification number associated with the alarm. | |
 | Severity level of the alarm. | |
Sample Output
- show security alarms
- show security alarms detail
- show security alarms alarm-id
- show security alarms alarm-type authentication
- show security alarms newer-than <time>
- show security alarms older-than <time>
- show security alarms process <process>
- show security alarms severity <severity>
show security alarms
[3 SECURITY ALARMS] user@router> show security alarms
ID    Alarm time               Message
1     2010-01-19 13:41:36 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
2     2010-01-19 13:41:52 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
3     2010-01-19 13:42:13 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
show security alarms detail
[3 SECURITY ALARMS] user@router> show security alarms detail
Alarm ID   : 1
Alarm Type : authentication
Time       : 2010-01-19 13:41:36 PST
Message    : SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
Process    : sshd (pid 1414)
Severity   : notice

Alarm ID   : 2
Alarm Type : authentication
Time       : 2010-01-19 13:41:52 PST
Message    : SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
Process    : sshd (pid 1414)
Severity   : notice

Alarm ID   : 3
Alarm Type : authentication
Time       : 2010-01-19 13:42:13 PST
Message    : SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
Process    : sshd (pid 1414)
Severity   : notice
show security alarms alarm-id
[3 SECURITY ALARMS] user@router> show security alarms alarm-id 1
ID    Alarm time               Message
1     2010-01-19 13:41:36 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
show security alarms alarm-type authentication
[3 SECURITY ALARMS] user@router> show security alarms alarm-type authentication
ID    Alarm time               Message
1     2010-01-19 13:41:36 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
2     2010-01-19 13:41:52 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
3     2010-01-19 13:42:13 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
show security alarms newer-than <time>
[3 SECURITY ALARMS] user@router> show security alarms newer-than 2010-01-19.13:41:59
3     2010-01-19 13:42:13 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
show security alarms older-than <time>
[3 SECURITY ALARMS] user@router> show security alarms older-than 2010-01-19.13:41:59
ID    Alarm time               Message
1     2010-01-19 13:41:36 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
2     2010-01-19 13:41:52 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
show security alarms process <process>
[3 SECURITY ALARMS] user@router> show security alarms process sshd
ID    Alarm time               Message
1     2010-01-19 13:41:36 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
2     2010-01-19 13:41:52 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
3     2010-01-19 13:42:13 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
show security alarms severity <severity>
[3 SECURITY ALARMS] user@router> show security alarms severity notice
ID    Alarm time               Message
1     2010-01-19 13:41:36 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
2     2010-01-19 13:41:52 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
3     2010-01-19 13:42:13 PST  SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
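The following Python script is an added example, not part of the vendor documentation. It parses captured show security alarms detail output into one record per alarm and counts SSHD_LOGIN_FAILED_LIMIT alarms per user and source address. It assumes one "Name : value" field per line; the function names and the constructed sample are illustrative.

```python
import re
from collections import Counter

# Constructed sample: first two alarms of this page's detail output, one field per line (assumed layout).
SAMPLE = """\
[3 SECURITY ALARMS] user@router> show security alarms detail
Alarm ID   : 1
Alarm Type : authentication
Time       : 2010-01-19 13:41:36 PST
Message    : SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
Process    : sshd (pid 1414)
Severity   : notice
Alarm ID   : 2
Alarm Type : authentication
Time       : 2010-01-19 13:41:52 PST
Message    : SSHD_LOGIN_FAILED_LIMIT: Specified number of login failures (1) for user 'user' reached from '203.0.113.2'
Process    : sshd (pid 1414)
Severity   : notice
"""

FIELD = re.compile(r"^\s*(Alarm ID|Alarm Type|Time|Message|Process|Severity)\s*:\s*(.*)$")
QUOTE = "'\u2018\u2019"  # accept straight or typographic quotes in captured text
LOGIN_FAIL = re.compile(rf"for user [{QUOTE}](.+?)[{QUOTE}] reached from [{QUOTE}]([^{QUOTE}]+)")

def parse_alarms(text):
    """Return one dict per alarm; an 'Alarm ID' line starts a new record."""
    alarms, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # prompt/banner and blank lines are skipped
        key, value = m.group(1), m.group(2).strip()
        if key == "Alarm ID":
            current = {}
            alarms.append(current)
        if current is not None:
            current[key] = value
    return alarms

def failed_login_sources(alarms):
    """Count SSHD_LOGIN_FAILED_LIMIT alarms per (user, source address)."""
    counts = Counter()
    for a in alarms:
        m = LOGIN_FAIL.search(a.get("Message", ""))
        if a.get("Message", "").startswith("SSHD_LOGIN_FAILED_LIMIT") and m:
            counts[(m.group(1), m.group(2))] += 1
    return counts
```

Repeated alarms for the same (user, source address) pair within a short window are the natural signal to alert on or to correlate with other authentication logs.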
Release Information
Command introduced in Junos OS Release 11.2.