show security log query
Show Security Log Query
show security log query {category all | utm | idp | alg | appqos | flow | fw-auth | gtp | ipsec | nat | pst-ds-lite | rtlog | screen | sctp | secintel} count <count>
[src-ip <src-ip>]
[dst-ip <dst-ip>]
[src-port <src-port>]
[dst-port <dst-port>]
[application <application>]
[user <user>]
[event-type <event-type>]
[service <service>]
[start-time <start-time>]
[stop-time <stop-time>]
Show Security Log Stream
show security log stream file <filename>
Description
show security log query—View the security log from the database with query conditions.
show security log stream file—View all the security log messages in the specified log file. Use the /var/log/hostlogs directory to search the specified log file, and use the show security log stream file command to view logs in log files in the /var/log/hostlogs directory.
Options
count—The number of log messages to output.
src-ip—The source IP address of log messages.
dst-ip—The destination IP address of log messages.
src-port—The source port of log messages.
dst-port—The destination port of log messages.
application—The application of log messages.
user—The user of log messages.
event-type—The event type of log messages.
service—The service of log messages.
start-time—The earliest timestamp of log messages; the format for time is YYYY-MM-DDTHH:MM:SS.
stop-time—The latest timestamp of log messages.
Required Privilege Level
view
Sample Output
show security log query
root@dut> show security log query category flow count 20 src-ip 211.0.0.2 start-time 2013-11-29T00:00:00 end-time 2013-11-29T23:59:00
<14>1 2013-11-29T16:01:26.820+08:00 plat02 RT_FLOW - RT_FLOW_SESSION_CLOSE reason="CLI" source-address="211.0.0.2" source-port="20263" destination-address="211.0.1.3" destination-port="4903" service-name="None" nat-source-address="30.0.11.11" nat-source-port="27140" nat-destination-address="211.0.1.3" nat-destination-port="4903" src-nat-rule-name="src_rs2_rule1" dst-nat-rule-name="None" protocol-id="17" policy-name="p1" source-zone-name="green" destination-zone-name="red" session-id-32="30" packets-from-client="1" bytes-from-client="60" packets-from-server="0" bytes-from-server="0" elapsed-time="92683" application="UNKNOWN" nested-application="UNKNOWN" username="N/A" roles="N/A" packet-incoming-interface="ge-0/0/1.0" encrypted="UNKNOWN"
show security log stream file <file-name>
root@dut> show security log stream file traffic.log
<14>1 2013-11-29T16:01:26.820+08:00 plat02 RT_FLOW - RT_FLOW_SESSION_CLOSE reason="CLI" source-address="211.0.0.2" source-port="20263" destination-address="211.0.1.3" destination-port="4903" service-name="None" nat-source-address="30.0.11.11" nat-source-port="27140" nat-destination-address="211.0.1.3" nat-destination-port="4903" src-nat-rule-name="src_rs2_rule1" dst-nat-rule-name="None" protocol-id="17" policy-name="p1" source-zone-name="green" destination-zone-name="red" session-id-32="30" packets-from-client="1" bytes-from-client="60" packets-from-server="0" bytes-from-server="0" elapsed-time="92683" application="UNKNOWN" nested-application="UNKNOWN" username="N/A" roles="N/A" packet-incoming-interface="ge-0/0/1.0" encrypted="UNKNOWN"] session closed CLI: 211.0.0.2/20263->211.0.1.3/4903 None 30.0.11.11/27140->211.0.1.3/4903 src_rs2_rule1 None 17 p1 green red 30 1(60) 0(0) 92683 UNKNOWN UNKNOWN N/A(N/A) ge-0/0/1.0 UNKNOWN
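The following Python is an added example, not part of the original page or of Juniper's software: it parses structured-syslog records like the ones in the sample output into fields and applies the same kind of conditions as show security log query to an exported log file offline. The names parse_record and query, the keyword form of the conditions, and the wall-clock comparison of the start and stop times are assumptions of this example.

```python
import re
from datetime import datetime

# First record: the RT_FLOW line from the sample output, trimmed to a few fields.
# The second record and the junk line are constructed for this example.
SAMPLE = [
    '<14>1 2013-11-29T16:01:26.820+08:00 plat02 RT_FLOW - RT_FLOW_SESSION_CLOSE '
    'reason="CLI" source-address="211.0.0.2" source-port="20263" '
    'destination-address="211.0.1.3" destination-port="4903" '
    'nat-source-address="30.0.11.11" protocol-id="17" policy-name="p1"',
    '<14>1 2013-11-30T09:00:00.000+08:00 plat02 RT_FLOW - RT_FLOW_SESSION_CLOSE '
    'reason="CLI" source-address="211.0.0.9" source-port="40000" '
    'destination-address="211.0.1.3" destination-port="4903" policy-name="p1"',
    'not a syslog line',
]

HEADER = re.compile(r'^<\d+>1 (\S+) (\S+) (\S+) \S+ (\S+) ?(.*)$')
PAIR = re.compile(r'([\w-]+)="([^"]*)"')


def parse_record(line):
    """Split one structured-syslog line into header values and key="value" fields."""
    m = HEADER.match(line.strip())
    if not m:
        return None  # unparseable line; the caller skips it
    ts, host, category, event_type, rest = m.groups()
    return {"time": datetime.fromisoformat(ts), "host": host, "category": category,
            "event-type": event_type, "fields": dict(PAIR.findall(rest))}


def query(lines, count=None, start_time=None, stop_time=None, **conds):
    """Filter records; conds are field names with '_' for '-', e.g. source_address."""
    lo = datetime.fromisoformat(start_time) if start_time else None
    hi = datetime.fromisoformat(stop_time) if stop_time else None
    hits = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        # Assumption: bounds are compared with the record's own wall-clock time.
        local = rec["time"].replace(tzinfo=None)
        if (lo and local < lo) or (hi and local > hi):
            continue
        if any(rec["fields"].get(k.replace("_", "-")) != v for k, v in conds.items()):
            continue
        hits.append(rec)
        if count is not None and len(hits) >= count:
            break
    return hits
```

Calling query(SAMPLE, source_address="211.0.0.2", start_time="2013-11-29T00:00:00", stop_time="2013-11-29T23:59:00") returns only the first record, with its NAT and policy fields available by name under "fields".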
Release Information
Command introduced in Junos OS Release 15.1X49-D70.