show security idp counters packet-log
Syntax
show security idp counters packet-log <logical-system (logical-system-name | all)> <tenant (tenant-name | all)>
Description
Displays the values of all IDP packet-log counters.
Starting in Junos OS Release 22.1R1, you can enable a secure SSL or TLS connection to send encrypted IDP packet capture logs to the packet capture receiver. To establish the SSL or TLS connection, you must specify the SSL initiation profile that you want to use in the IDP packet log configuration. With this encryption support, the output of this command is also enhanced to provide information on the maximum number of RTCOM ports.
Options
none | Displays the values of all IDP packet-log counters. |
logical-system logical-system-name | (Optional) Displays the values of all IDP packet-log counters for a specific logical system. |
logical-system all | (Optional) Displays the values of all IDP packet-log counters for all logical systems. Displays values for all IDP counters from Junos release version 20.3R3. |
tenant tenant-name | (Optional) Displays the values of all IDP packet-log counters for a specific tenant system. |
Required Privilege Level
view
Output Fields
The following table lists the output fields for the show security idp counters packet-log command. Output fields are listed in the approximate order in which they appear.
Field Name | Field Description |
---|---|
Total packets captured since packet capture was activated | Number of packets captured by the device by the IDP service. |
Total sessions enabled since packet capture was activated | Number of sessions that have performed packet capture since the capture facility was activated. |
Sessions currently enabled for packet capture | Number of sessions that are actively capturing packets at this time. |
Packets currently captured for enabled sessions | Number of packets that have been captured by active sessions. |
Packet clone failures | Number of packet capture failures due to cloning error. |
Session log object failures | Number of objects containing log messages generated during packet capture that were not successfully transmitted to the host. |
Session packet log object failures | Number of objects containing captured packets that were not successfully transmitted to the host. |
Sessions skipped because session limit exceeded | Number of sessions that could not initiate packet capture because the maximum number of sessions specified for the device were conducting captures at that time. |
Packets skipped because packet limit exceeded | Number of packets not captured because the packet limit specified for this device was reached. |
Packets skipped because total memory limit exceeded | Number of packets not captured because the memory allocated for packet capture on this device was exceeded. |
Packet log host route lookup failures | Number of captured-packet failures due to missing route details. |
Number of Packet-Log RTCOM create req successful | This counter is incremented each time an RTCOM com create request is successful. This does not mean that the TCP + SSL handshake is complete and the connection is up. |
Number of Packet-Log RTCOM create req failed due to invalid param | This counter is incremented each time an RTCOM com create request fails due to an invalid parameter. |
Number of Packet-Log RTCOM create req failed due to quota exceed | This counter is incremented each time an RTCOM com create request fails due to lack of available ports. |
Number of Packet-Log RTCOM create req failed due to status not ready | This counter is incremented each time an RTCOM com create request fails because the IDP plugin is not registered with RTCOM or the registration failed. |
Number of Packet-Log RTCOM create done event received | This counter is incremented each time the IDP plugin receives a CREATE DONE event from the RTCOM plugin. This event is received after the handshake is complete and the connection to the host is established. |
Number of Packet-Log RTCOM peer close event received | This counter is incremented each time the IDP plugin receives a PEER CLOSE event from the RTCOM plugin. This event is received if the SSL/TLS connection is closed by the host for some reason. |
Number of Packet-Log RTCOM conn abort event received | This counter is incremented each time the IDP plugin receives a CONN ABORT event from the RTCOM plugin. This event is received if the SSL/TLS connection is aborted for some reason. |
Number of Packet-Log RTCOM data rcvd event received | This counter is incremented each time the IDP plugin receives a DATA RCVD event from the RTCOM plugin. This event is received if some data is received from the host on the established connection. |
Number of Packet-Log RTCOM connections established successfully | This counter is incremented when the SSL/TLS connection to the host is successful, that is, the handshake is complete and data can be sent over the established connection. |
Number of Packet-Log RTCOM connections failed after retries | This counter is incremented when the SSL/TLS connection cannot be established to the specified host even after 3 retries. Only 3 connection attempts are made to the configured host initially and on receiving a CONN ABORT or PEER CLOSE event. If the connection is not successful even after 3 attempts, no further attempts are made and this counter is incremented. |
Number of Packet-Log RTCOM connections closed successfully | Number of SSL/TLS connections closed successfully. This counter is incremented only for connections that were up and were closed later. |
Number of Packet-Log RTCOM data send successful | This counter is incremented each time an RTCOM send is successful. For a single packet log, it is incremented multiple times because the packet log is sent in chunks of 1024 bytes. |
Number of Packet-Log RTCOM data send failed | This counter is incremented each time an RTCOM send fails. |
Number of Packet-Log RTCOM contexts created | This counter is incremented each time a new RTCOM context structure is created for a specific combination of host IP, host port, source IP, LSYS identifier, and SSL identifier. |
Number of Packet-Log RTCOM contexts reused | This counter is incremented each time an RTCOM context structure is reused for a specific combination of host IP, host port, source IP, LSYS identifier, and SSL identifier. This happens when attacks are detected simultaneously on a specific LSYS across different sessions. All the packet logs corresponding to those different sessions are sent using the same SSL/TLS connection. |
Number of Packet-Log RTCOM contexts destroyed | This counter is incremented each time an RTCOM context structure is destroyed. This happens only when no session and no packet log refers to that context to send packet logs. |
Number of Packet-Log RTCOM packet log send successful | This counter is incremented each time a packet log is sent successfully. |
Number of Packet-Log RTCOM packet log send failed | This counter is incremented each time sending a packet log fails. |
Sample Output
- show security idp counters packet-log
- show security idp counters packet-log logical-system LSYS1
- show security idp counters packet-log tenant TSYS1
show security idp counters packet-log
```
user@host> show security idp counters packet-log
IDP counters:                                                          Value
  Total packets captured since packet capture was activated              0
  Total sessions enabled since packet capture was activated              0
  Sessions currently enabled for packet capture                          0
  Packets currently captured for enabled sessions                        0
  Packet clone failures                                                  0
  Session log object failures                                            0
  Session packet log object failures                                     0
  Sessions skipped because session limit exceeded                        0
  Packets skipped because packet limit exceeded                          0
  Packets skipped because total memory limit exceeded                    0
  Packet log host route lookup failures                                  0
  Number of Packet-Log RTCOM create req successful                       1
  Number of Packet-Log RTCOM create req failed due to invalid param      0
  Number of Packet-Log RTCOM create req failed due to quota exceed       0
  Number of Packet-Log RTCOM create req failed due to status not ready   0
  Number of Packet-Log RTCOM create done event received                  1
  Number of Packet-Log RTCOM peer close event received                   0
  Number of Packet-Log RTCOM conn abort event received                   0
  Number of Packet-Log RTCOM data rcvd event received                    0
  Number of Packet-Log RTCOM connections established successfully        1
  Number of Packet-Log RTCOM connections failed after retries            0
  Number of Packet-Log RTCOM connections closed successfully             1
  Number of Packet-Log RTCOM data send successful                        20
  Number of Packet-Log RTCOM data send failed                            0
  Number of Packet-Log RTCOM contexts created                            1
  Number of Packet-Log RTCOM contexts reused                             9
  Number of Packet-Log RTCOM contexts destroyed                          1
  Number of Packet-Log RTCOM packet log send successful                  10
  Number of Packet-Log RTCOM packet log send failed                      0
```
show security idp counters packet-log logical-system LSYS1
```
user@host> show security idp counters packet-log logical-system LSYS1
IDP counters:
  IDP counter type                                                     Value
  No of file-decoder requests from MIME over HTTP                        0
  No of pending file-decoder requests from MIME over HTTP                0
  No of completd file-decoder requests from MIME over HTTP               0
  No of unrecognized file type from MIME over HTTP                       0
  No of compressed payload transferred over HTTP                         0
  No of bypassed files over HTTP                                         0
  Packet log host route lookup failures                                  0
  Number of Packet-Log RTCOM create req successful                       1
  Number of Packet-Log RTCOM create req failed due to invalid param      0
  Number of Packet-Log RTCOM create req failed due to quota exceed       0
  Number of Packet-Log RTCOM create req failed due to status not ready   0
  Number of Packet-Log RTCOM create done event received                  1
  Number of Packet-Log RTCOM peer close event received                   0
  Number of Packet-Log RTCOM conn abort event received                   0
  Number of Packet-Log RTCOM data rcvd event received                    0
  Number of Packet-Log RTCOM connections established successfully        1
  Number of Packet-Log RTCOM connections failed after retries            0
  Number of Packet-Log RTCOM connections closed successfully             1
  Number of Packet-Log RTCOM data send successful                        20
  Number of Packet-Log RTCOM data send failed                            0
  Number of Packet-Log RTCOM contexts created                            1
  Number of Packet-Log RTCOM contexts reused                             9
  Number of Packet-Log RTCOM contexts destroyed                          1
  Number of Packet-Log RTCOM packet log send successful                  10
  Number of Packet-Log RTCOM packet log send failed                      0

user@host> show security idp counters packet-log logical-system Tn1
IDP counters:
  IDP counter type                                                     Value
  Total packets captured since packet capture was activated              0
  Total sessions enabled since packet capture was activated              0
  Sessions currently enabled for packet capture                          0
  Packets currently captured for enabled sessions                        0
  Packet clone failures                                                  0
  Session log object failures                                            0
  Session packet log object failures                                     0
  Sessions skipped because session limit exceeded                        0
  Packets skipped because packet limit exceeded                          0
  Packets skipped because total memory limit exceeded                    0
  Number of Packet-Log RTCOM create req successful                       1
  Number of Packet-Log RTCOM create req failed due to invalid param      0
  Number of Packet-Log RTCOM create req failed due to quota exceed       0
  Number of Packet-Log RTCOM create req failed due to status not ready   0
  Number of Packet-Log RTCOM create done event received                  1
  Number of Packet-Log RTCOM peer close event received                   0
  Number of Packet-Log RTCOM conn abort event received                   0
  Number of Packet-Log RTCOM data rcvd event received                    0
  Number of Packet-Log RTCOM connections established successfully        1
  Number of Packet-Log RTCOM connections failed after retries            0
  Number of Packet-Log RTCOM connections closed successfully             1
  Number of Packet-Log RTCOM data send successful                        20
  Number of Packet-Log RTCOM data send failed                            0
  Number of Packet-Log RTCOM contexts created                            1
  Number of Packet-Log RTCOM contexts reused                             9
  Number of Packet-Log RTCOM contexts destroyed                          1
  Number of Packet-Log RTCOM packet log send successful                  10
  Number of Packet-Log RTCOM packet log send failed                      0
```
show security idp counters packet-log tenant TSYS1
```
user@host> show security idp counters packet-log tenant TSYS1
IDP counters:
  IDP counter type                                                     Value
  Total packets captured since packet capture was activated              0
  Total sessions enabled since packet capture was activated              0
  Sessions currently enabled for packet capture                          0
  Packets currently captured for enabled sessions                        0
  Packet clone failures                                                  0
  Session log object failures                                            0
  Session packet log object failures                                     0
  Sessions skipped because session limit exceeded                        0
  Packets skipped because packet limit exceeded                          0
  Packets skipped because total memory limit exceeded                    0
  Number of Packet-Log RTCOM create req successful                       1
  Number of Packet-Log RTCOM create req failed due to invalid param      0
  Number of Packet-Log RTCOM create req failed due to quota exceed       0
  Number of Packet-Log RTCOM create req failed due to status not ready   0
  Number of Packet-Log RTCOM create done event received                  1
  Number of Packet-Log RTCOM peer close event received                   0
  Number of Packet-Log RTCOM conn abort event received                   0
  Number of Packet-Log RTCOM data rcvd event received                    0
  Number of Packet-Log RTCOM connections established successfully        1
  Number of Packet-Log RTCOM connections failed after retries            0
  Number of Packet-Log RTCOM connections closed successfully             1
  Number of Packet-Log RTCOM data send successful                        20
  Number of Packet-Log RTCOM data send failed                            0
  Number of Packet-Log RTCOM contexts created                            1
  Number of Packet-Log RTCOM contexts reused                             9
  Number of Packet-Log RTCOM contexts destroyed                          1
  Number of Packet-Log RTCOM packet log send successful                  10
  Number of Packet-Log RTCOM packet log send failed                      0
```
show security idp counters packet-log tenant all
```
user@host> show security idp counters packet-log logical-system all
root@idpdevesx16-vsrx2-12> show security idp counters packet logical-system all
Logical System: root-logical-system
IDP counters:
  IDP counter type                                                     Value
  Processed packets                                                      0
  Dropped packets                                                        0
  Dropped ICMP packets                                                   0
  Dropped TCP packets                                                    0
  Dropped UDP packets                                                    0
  Dropped Other packets                                                  0
  Dropped by IDP Policy                                                  0
  Dropped by Error                                                       0
  Dropped sessions                                                       0
  Bad IP headers                                                         0
  Packets with IP options                                                0
  Decapsulated packets                                                   0
  GRE decapsulations                                                     0
  PPP decapsulations                                                     0
  GTP decapsulations                                                     0
  GTP flows                                                              0
  TCP decompression uncompressed IP                                      0
  TCP decompression compressed IP                                        0
  Deferred-send packets                                                  0
  Ktimer entry optimized                                                 0
  TTL errors                                                             0
  Routing loops                                                          0
  STP drops                                                              0
  No-route packets                                                       0
  Flood IP                                                               0
  Invalid ethernet headers                                               0
  Packets attached                                                       0
  IP Packet attach failed                                                0
  Packets cloned                                                         0
  Packets allocated                                                      0
  Packets destructed                                                     0
  Packets destructed in pipeline                                         0
  Packet data buffer allocated                                           0
  Packet data buffer released                                            0
  Buffer allocation on clone avoided                                     0
  Late buffer allocation on clone                                        0
  Distinct clone request                                                 0
  KPP clone buf cache allocated                                          0
  KPP clone buf cache released                                           0
  KPP clone buf cache used                                               0
  KQMSG constructed                                                      0
  KQMSG destructed                                                       0
  KQMSG destructed in pipeline                                           0
  jbuf copy failed                                                       0
  jbuf pullup failed                                                     0
  jbuf copy done                                                         0
  jbuf copy freed                                                        0
  jbuf copy reinjected                                                   0

Logical System: LSYS0
IDP counters:
  IDP counter type                                                     Value
  Processed packets                                                      0
  Dropped packets                                                        0
  Dropped ICMP packets                                                   0
  Dropped TCP packets                                                    0
  Dropped UDP packets                                                    0
  Dropped Other packets                                                  0
  Dropped by IDP Policy                                                  0
  Dropped by Error                                                       0
  Dropped sessions                                                       0
  Bad IP headers                                                         0
  Packets with IP options                                                0
  Decapsulated packets                                                   0
  GRE decapsulations                                                     0
  PPP decapsulations                                                     0
  GTP decapsulations                                                     0
  GTP flows                                                              0
  TCP decompression uncompressed IP                                      0
  TCP decompression compressed IP                                        0
  Deferred-send packets                                                  0
  Ktimer entry optimized                                                 0
  TTL errors                                                             0
  Routing loops                                                          0
  STP drops                                                              0
  No-route packets                                                       0
  Flood IP                                                               0
  Invalid ethernet headers                                               0
  Packets attached                                                       0
  IP Packet attach failed                                                0
  Packets cloned                                                         0
  Packets allocated                                                      0
  Packets destructed                                                     0
  Packets destructed in pipeline                                         0
  Packet data buffer allocated                                           0
  Packet data buffer released                                            0
  Buffer allocation on clone avoided                                     0
  Late buffer allocation on clone                                        0
  Distinct clone request                                                 0
  KPP clone buf cache allocated                                          0
  KPP clone buf cache released                                           0
  KPP clone buf cache used                                               0
  KQMSG constructed                                                      0
  KQMSG destructed                                                       0
  KQMSG destructed in pipeline                                           0
  jbuf copy failed                                                       0
  jbuf pullup failed                                                     0
  jbuf copy done                                                         0
  jbuf copy freed                                                        0
  jbuf copy reinjected                                                   0

Logical System: LSYS2
IDP counters:
  IDP counter type                                                     Value
  Processed packets                                                      0
  Dropped packets                                                        0
  Dropped ICMP packets                                                   0
  Dropped TCP packets                                                    0
  Dropped UDP packets                                                    0
  Dropped Other packets                                                  0
  Dropped by IDP Policy                                                  0
  Dropped by Error                                                       0
  Dropped sessions                                                       0
  Bad IP headers                                                         0
  Packets with IP options                                                0
  Decapsulated packets                                                   0
  GRE decapsulations                                                     0
  PPP decapsulations                                                     0
  GTP decapsulations                                                     0
  GTP flows                                                              0
  TCP decompression uncompressed IP                                      0
  TCP decompression compressed IP                                        0
  Deferred-send packets                                                  0
  Ktimer entry optimized                                                 0
  TTL errors                                                             0
  Routing loops                                                          0
  STP drops                                                              0
  No-route packets                                                       0
  Flood IP                                                               0
  Invalid ethernet headers                                               0
  Packets attached                                                       0
  IP Packet attach failed                                                0
  Packets cloned                                                         0
  Packets allocated                                                      0
  Packets destructed                                                     0
  Packets destructed in pipeline                                         0
  Packet data buffer allocated                                           0
  Packet data buffer released                                            0
  Buffer allocation on clone avoided                                     0
  Late buffer allocation on clone                                        0
  Distinct clone request                                                 0
  KPP clone buf cache allocated                                          0
  KPP clone buf cache released                                           0
  KPP clone buf cache used                                               0
  KQMSG constructed                                                      0
  KQMSG destructed                                                       0
  KQMSG destructed in pipeline                                           0
  jbuf copy failed                                                       0
  jbuf pullup failed                                                     0
  jbuf copy done                                                         0
  jbuf copy freed                                                        0
  jbuf copy reinjected                                                   0

Logical System: LSYS1
IDP counters:
  IDP counter type                                                     Value
  Processed packets                                                      0
  Dropped packets                                                        0
  Dropped ICMP packets                                                   0
  Dropped TCP packets                                                    0
  Dropped UDP packets                                                    0
  Dropped Other packets                                                  0
  Dropped by IDP Policy                                                  0
  Dropped by Error                                                       0
  Dropped sessions                                                       0
  Bad IP headers                                                         0
  Packets with IP options                                                0
  Decapsulated packets                                                   0
  GRE decapsulations                                                     0
  PPP decapsulations                                                     0
  GTP decapsulations                                                     0
  GTP flows                                                              0
  TCP decompression uncompressed IP                                      0
  TCP decompression compressed IP                                        0
  Deferred-send packets                                                  0
  Ktimer entry optimized                                                 0
  TTL errors                                                             0
  Routing loops                                                          0
  STP drops                                                              0
  No-route packets                                                       0
  Flood IP                                                               0
  Invalid ethernet headers                                               0
  Packets attached                                                       0
  IP Packet attach failed                                                0
  Packets cloned                                                         0
  Packets allocated                                                      0
  Packets destructed                                                     0
  Packets destructed in pipeline                                         0
  Packet data buffer allocated                                           0
  Packet data buffer released                                            0
  Buffer allocation on clone avoided                                     0
  Late buffer allocation on clone                                        0
  Distinct clone request                                                 0
  KPP clone buf cache allocated                                          0
  KPP clone buf cache released                                           0
  KPP clone buf cache used                                               0
  KQMSG constructed                                                      0
  KQMSG destructed                                                       0
  KQMSG destructed in pipeline                                           0
  jbuf copy failed                                                       0
  jbuf pullup failed                                                     0
  jbuf copy done                                                         0
  jbuf copy freed                                                        0
  jbuf copy reinjected                                                   0

IDP counters:
LSYS1:
  IDP counter type                                                     Value
  No of file-decoder requests from MIME over HTTP                        0
  No of pending file-decoder requests from MIME over HTTP                0
  No of completd file-decoder requests from MIME over HTTP               0
  No of unrecognized file type from MIME over HTTP                       0
  No of compressed payload transferred over HTTP                         0
  No of bypassed files over HTTP                                         0
  Packet log host route lookup failures                                  0
  Number of Packet-Log RTCOM create req successful                       1
  Number of Packet-Log RTCOM create req failed due to invalid param      0
  Number of Packet-Log RTCOM create req failed due to quota exceed       0
  Number of Packet-Log RTCOM create req failed due to status not ready   0
  Number of Packet-Log RTCOM create done event received                  1
  Number of Packet-Log RTCOM peer close event received                   0
  Number of Packet-Log RTCOM conn abort event received                   0
  Number of Packet-Log RTCOM data rcvd event received                    0
  Number of Packet-Log RTCOM connections established successfully        1
  Number of Packet-Log RTCOM connections failed after retries            0
  Number of Packet-Log RTCOM connections closed successfully             1
  Number of Packet-Log RTCOM data send successful                        20
  Number of Packet-Log RTCOM data send failed                            0
  Number of Packet-Log RTCOM contexts created                            1
  Number of Packet-Log RTCOM contexts reused                             9
  Number of Packet-Log RTCOM contexts destroyed                          1
  Number of Packet-Log RTCOM packet log send successful                  10
  Number of Packet-Log RTCOM packet log send failed                      0
```
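The following is an added example, not Juniper code: it parses this command's text output into a dictionary and flags the counters that the field descriptions associate with packet logs being dropped or not delivered over the SSL/TLS connection. The sample text is constructed in the output format shown above with made-up values, and the finding labels are this example's own names. The first check can also fire briefly while a handshake is still in progress.

```python
import re

# Constructed sample in this command's output format; the values are made up.
SAMPLE = """\
user@host> show security idp counters packet-log
IDP counters:                                                          Value
  Total packets captured since packet capture was activated              412
  Sessions skipped because session limit exceeded                        3
  Packet log host route lookup failures                                  0
  Number of Packet-Log RTCOM create req successful                       4
  Number of Packet-Log RTCOM create req failed due to quota exceed       0
  Number of Packet-Log RTCOM create done event received                  2
  Number of Packet-Log RTCOM conn abort event received                   2
  Number of Packet-Log RTCOM connections established successfully        2
  Number of Packet-Log RTCOM connections failed after retries            1
  Number of Packet-Log RTCOM data send successful                        20
  Number of Packet-Log RTCOM packet log send successful                  10
  Number of Packet-Log RTCOM packet log send failed                      5
"""

PREFIX = "Number of Packet-Log RTCOM "
LINE = re.compile(r"^\s*(\S.*?)\s+(\d+)\s*$")  # "<counter name>   <value>"

def parse_counters(text):
    """Return {counter name: value}; prompt and header lines do not match."""
    counters = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            counters[m.group(1)] = int(m.group(2))
    return counters

def findings(c):
    """Flag counters that the field descriptions tie to lost or undelivered logs."""
    rtcom = lambda name: c.get(PREFIX + name, 0)
    out = []
    # A successful create request is not yet an established TLS connection.
    if rtcom("create req successful") > rtcom("create done event received"):
        out.append("handshake-incomplete")
    # After 3 failed attempts no further connection attempts are made.
    if rtcom("connections failed after retries"):
        out.append("connect-retries-exhausted")
    if rtcom("data send failed") or rtcom("packet log send failed"):
        out.append("send-failed")
    if any(rtcom("create req failed due to " + why)
           for why in ("invalid param", "quota exceed", "status not ready")):
        out.append("create-rejected")
    if any(v for k, v in c.items() if "skipped because" in k or "failures" in k):
        out.append("capture-loss")
    return out

if __name__ == "__main__":
    print(findings(parse_counters(SAMPLE)))
```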
Release Information
Command introduced in Junos OS Release 10.2.
logical-system option introduced in Junos OS Release 18.3R1.
tenant option introduced in Junos OS Release 19.2R1.