juniper SRX650: a problem with the match setting when logging IDP events to a file

christopher1, posted 1 year ago


Juniper SRX650 IDP logging setup

As documented at http://junosnotes.blogspot.com/2012/08/srx-idp.html:

```text
> help syslog | match IDP
IDP_APPDDOS_APP_ATTACK_EVENT_LS  IDP: DDOS attack on application
IDP_APPDDOS_APP_STATE_EVENT      IDP: DDOS application state transition event
IDP_APPDDOS_APP_STATE_EVENT_LS   IDP: DDOS application state transition event
IDP_ATTACK_LOG_EVENT_LS          IDP attack log
IDP_COMMIT_COMPLETED             IDP policy commit completed
IDP_COMMIT_FAILED                IDP commit exited with failure
IDP_DAEMON_INIT_FAILED           Failed to initialize IDP daemon
IDP_IGNORED_IPV6_ADDRESSES       IDP ingnores IPv6 addresses
IDP_INTERNAL_ERROR               IDP daemon encountered an internal error.
IDP_POLICY_COMPILATION_FAILED    IDP policy compilation failed
IDP_POLICY_LOAD_FAILED           Failed to load an IDP policy
```

When configuring syslog I used IDP_ATTACK_LOG_EVENT_LS as the match string, but no log entries were ever written. After changing it to RT_IDP the entries appeared, and I found that what gets logged looks like this:

```text
Oct 31 13:51:27   RT_IDP: IDP_ATTACK_LOG_EVENT: IDP: at 1477893086, SIG Attack log <180.173.206.150/19438->43.254.106.11/80> 
for TCP protocol and service SERVICE_IDP application NONE by rule 3 of rulebase IPS in policy Recommended. attack: repeat=0, action=DROP, 
threat-severity=HIGH, name=HTTP:APACHE:FILEUPLOAD-CNT-TYPE, NAT <0.0.0.0:0->172.16.50.2:0>, time-elapsed=0, inbytes=0, outbytes=0,
 inpackets=0, outpackets=0, intf:untrust:ge-0/0/0.0->trust:ae2.0, packet-log-id: 0, alert=no and misc-message -
```

So the tag is not IDP_ATTACK_LOG_EVENT_LS after all, but IDP_ATTACK_LOG_EVENT.
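As an added illustration (not code from the post or from Juniper), the Python below takes the RT_IDP line quoted above, checks which of the three candidate match strings would actually select it under an unanchored regex like the Junos `match` knob, and parses the line into the fields a SOC would pivot on; the sample line is constructed from the post, and the remark about `_LS` tags in the comments is my own understanding, not something the post states.

```python
import re
from typing import Optional

# Constructed sample: the RT_IDP line from the post, joined onto one line.
# The post sets "system syslog file <name> match <regex>", which applies an
# unanchored regex to the message text, so the tag spelling must be exact.
SAMPLE_LOG = (
    "Oct 31 13:51:27   RT_IDP: IDP_ATTACK_LOG_EVENT: IDP: at 1477893086, "
    "SIG Attack log <180.173.206.150/19438->43.254.106.11/80> "
    "for TCP protocol and service SERVICE_IDP application NONE by rule 3 "
    "of rulebase IPS in policy Recommended. attack: repeat=0, action=DROP, "
    "threat-severity=HIGH, name=HTTP:APACHE:FILEUPLOAD-CNT-TYPE, "
    "NAT <0.0.0.0:0->172.16.50.2:0>, time-elapsed=0, inbytes=0, outbytes=0, "
    "inpackets=0, outpackets=0, intf:untrust:ge-0/0/0.0->trust:ae2.0, "
    "packet-log-id: 0, alert=no and misc-message -"
)

# The three match strings the post tried. To my understanding the _LS-suffixed
# tags are the logical-system variants, which is why the first one never fires.
CANDIDATE_MATCHES = ("IDP_ATTACK_LOG_EVENT_LS", "IDP_ATTACK_LOG_EVENT", "RT_IDP")


def syslog_match(pattern: str, line: str) -> bool:
    """Approximate the Junos syslog 'match' filter: unanchored regex search."""
    return re.search(pattern, line) is not None


def which_match(line: str, patterns=CANDIDATE_MATCHES) -> dict:
    """Map each candidate match string to whether it would select this line."""
    return {p: syslog_match(p, line) for p in patterns}


HEADER_RE = re.compile(
    r"RT_IDP: (?P<tag>IDP_ATTACK_LOG_EVENT\w*): .*?"
    r"<(?P<src_ip>[\d.]+)/(?P<src_port>\d+)->(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)>"
    r".*?by rule (?P<rule>\d+) of rulebase (?P<rulebase>\S+) in policy (?P<policy>\S+)\."
)
# key=value fields (repeat, action, threat-severity, name, alert, ...)
KV_RE = re.compile(r"\b([\w-]+)=([^,\s]+)")


def parse_rt_idp(line: str) -> Optional[dict]:
    """Parse one RT_IDP attack log line into a flat dict; None if it is not one."""
    m = HEADER_RE.search(line)
    if m is None:
        return None
    event = m.groupdict()
    event.update(KV_RE.findall(line))
    return event
```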

Tags: juniper