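Syslog configuration
The steps to configure syslog forwarding on a Juniper SRX are as follows:
step1: Log in to the Juniper SRX device via telnet and enter configuration mode. Configure syslog forwarding.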
user@host> configure
Entering configuration mode
[edit]
user@host#
Command format:
set system syslog host <IP> <facility> <severity>
Example:
user@host# set system syslog host 192.168.0.41 any any
Optional settings:
set system syslog host 192.168.0.41 port 514 (the syslog server defaults to UDP 514)
set system syslog host 192.168.0.41 source-address 192.168.0.254
set system syslog host 192.168.0.41 structured-data
root@srx100# set system syslog host 192.168.0.41 ?
Possible completions:
  allow-duplicates      Do not suppress the repeated message
  any                   All facilities
+ apply-groups          Groups from which to inherit configuration data
+ apply-groups-except   Don't inherit configuration data from these groups
  authorization         Authorization system
  change-log            Configuration change log
  conflict-log          Configuration conflict log
  daemon                Various system processes
  dfc                   Dynamic flow capture
  explicit-priority     Include priority and facility in messages
  external              Local external applications
  facility-override     Alternate facility for logging to remote host
  firewall              Firewall filtering system
  ftp                   FTP process
  interactive-commands  Commands executed by the UI
  kernel                Kernel
  log-prefix            Prefix for all logging to this host
  match                 Regular expression for lines to be logged
  ntp                   NTP process
  pfe                   Packet Forwarding Engine
  port                  Port number
  security              Security related
  source-address        Use specified address as source address
> structured-data       Log system message in structured format
  user                  User processes
root@srx100# set system syslog host 192.168.0.41 any ?
Possible completions:
  alert                 Conditions that should be corrected immediately
  any                   All levels
  critical              Critical conditions
  emergency             Panic conditions
  error                 Error conditions
  info                  Informational messages
  none                  No messages
  notice                Conditions that should be handled specially
  warning               Warning messages
[edit]
NetFlow configuration
Version 5
set interfaces vlan unit 0 family inet sampling input
set interfaces vlan unit 0 family inet sampling output
set forwarding-options sampling input rate 100
set forwarding-options sampling family inet output flow-server 192.168.0.41 port 9001
set forwarding-options sampling family inet output flow-server 192.168.0.41 version 5
Version 9
The steps to configure Juniper SRX Flow Monitoring sampling are as follows:
step1: Log in to the Juniper SRX device via telnet and enter configuration mode.
user@host> configure
Entering configuration mode
[edit]
user@host#
step2: Configure the J-Flow sampling parameters.
user@host# set services flow-monitoring version9 template ipv4-test ipv4-template
user@host# set forwarding-options sampling input rate 100
user@host# set forwarding-options sampling input run-length 0
step3: Configure the J-Flow collector address and the UDP port to use.
user@host# set forwarding-options sampling family inet output flow-server <collector IP> port <port number>
user@host# set forwarding-options sampling family inet output flow-server <collector IP> version9 template ipv4-test
user@host# set forwarding-options sampling family inet output inline-jflow source-address <forwarding engine IP>
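step4: Specify the device interfaces to sample.
user@host# set interfaces <interface name> unit 0 family inet sampling input
user@host# set interfaces <interface name> unit 0 family inet sampling output
The interface name can be fe-0/0/0 or a VLAN name; use the following command to confirm the interface name.
user@host# show interfaces
Verifying that NetFlow is enabled on the Juniper SRX
The steps to verify J-Flow on the Juniper SRX are as follows:
step1: Log in to the Juniper SRX device via telnet.
step2: Check the J-Flow sampling data.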
user@host> show services accounting flow
step3: Check the J-Flow sampled content.
user@host> show services accounting aggregation template template-name ipv4-test
References:
netflow:
http://kb.juniper.net/InfoCenter/index?page=content&id=kb16677&actp=search
http://www.juniper.net/documentation/en_US/junos14.1/topics/reference/command-summary/show-services-accounting-flow.html#jd0e300
https://www.juniper.net/techpubs/en_US/junos14.2/topics/example/flowmonitoring-active-sampling-instance-example.html