Tuesday, February 2, 2016

Configuring syslog and NetFlow on the SRX


Syslog configuration


The steps to configure syslog forwarding on a Juniper SRX are as follows:

step1: Log in to the Juniper SRX device via telnet and enter configuration mode.
user@host> configure
Entering configuration mode
[edit]
user@host#

Configure syslog forwarding
Command format:
set system syslog host <IP> <facility> <severity>
Example:

user@host# set system syslog host 192.168.0.41 any any
Optional settings:
set system syslog host 192.168.0.41 port 514  (the syslog server default is UDP 514)
set system syslog host 192.168.0.41 source-address 192.168.0.254
set system syslog host 192.168.0.41 structured-data
root@srx100# set system syslog host 192.168.0.41 ?
Possible completions:
  allow-duplicates     Do not suppress the repeated message
  any                  All facilities
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  authorization        Authorization system
  change-log           Configuration change log
  conflict-log         Configuration conflict log
  daemon               Various system processes
  dfc                  Dynamic flow capture
  explicit-priority    Include priority and facility in messages
  external             Local external applications
  facility-override    Alternate facility for logging to remote host
  firewall             Firewall filtering system
  ftp                  FTP process
  interactive-commands  Commands executed by the UI
  kernel               Kernel
  log-prefix           Prefix for all logging to this host
  match                Regular expression for lines to be logged
  ntp                  NTP process
  pfe                  Packet Forwarding Engine
  port                 Port number
  security             Security related
  source-address       Use specified address as source address
> structured-data      Log system message in structured format
  user                 User processes

root@srx100# set system syslog host 192.168.0.41 any ?
Possible completions:
  alert                Conditions that should be corrected immediately
  any                  All levels
  critical             Critical conditions
  emergency            Panic conditions
  error                Error conditions
  info                 Informational messages
  none                 No messages
  notice               Conditions that should be handled specially
  warning              Warning messages
[edit]




NetFlow configuration

Version 5
set interfaces vlan unit 0 family inet sampling input
set interfaces vlan unit 0 family inet sampling output
set forwarding-options sampling input rate 100
set forwarding-options sampling family inet output flow-server 192.168.0.41 port 9001
set forwarding-options sampling family inet output flow-server 192.168.0.41 version 5
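
To confirm on the collector side that the Version 5 export above is arriving at 192.168.0.41 port 9001, the following added example (not part of the original post) decodes a NetFlow v5 datagram in Python and rejects malformed ones. The sample datagram is constructed, and scaling byte counts by the header's sampling field is an assumption about what the exporter fills in.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBB2x")  # 48-byte flow record


def parse_v5(datagram: bytes) -> dict:
    """Decode one NetFlow v5 export datagram; raise ValueError if malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    (version, count, _uptime, unix_secs, _nsecs, sequence,
     _etype, _eid, sampling) = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    interval = sampling & 0x3FFF          # low 14 bits: 1-in-N sampling interval
    flows = []
    for i in range(count):
        (src, dst, _nh, _in_if, _out_if, pkts, octets, _first, _last,
         sport, dport, flags, proto, _tos, _sas, _das, _sm, _dm) = \
            RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": f"{ipaddress.IPv4Address(src)}:{sport}",
            "dst": f"{ipaddress.IPv4Address(dst)}:{dport}",
            "proto": proto, "tcp_flags": flags,
            "packets": pkts, "bytes": octets,
            # Sampled counters undercount; scale by the interval when it is set.
            "est_bytes": octets * (interval or 1),
        })
    return {"sequence": sequence, "unix_secs": unix_secs,
            "sampling_interval": interval, "flows": flows}


def sample_datagram() -> bytes:
    """Constructed one-flow datagram (not captured from a real SRX)."""
    header = HEADER.pack(5, 1, 60000, 1454371200, 0, 42, 0, 0, (1 << 14) | 100)
    record = RECORD.pack(
        ipaddress.IPv4Address("192.168.0.10").packed,
        ipaddress.IPv4Address("203.0.113.5").packed,
        ipaddress.IPv4Address("192.168.0.254").packed,
        1, 2, 12, 9000, 1000, 59000, 51515, 443, 0x1B, 6, 0, 0, 0, 24, 0)
    return header + record


if __name__ == "__main__":
    print(parse_v5(sample_datagram()))
```

NetFlow v5 over UDP carries no authentication, so a collector using this parser should also check that each datagram's source IP is the expected exporter address before trusting the records.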

Version 9
The steps to configure Juniper SRX flow monitoring sampling are as follows:

step1: Log in to the Juniper SRX device via telnet and enter configuration mode.
user@host> configure
Entering configuration mode
[edit]
user@host#

step2: Configure the J-flow sampling parameters.
user@host# set services flow-monitoring version9 template ipv4-test ipv4-template
user@host# set forwarding-options sampling input rate 100
user@host# set forwarding-options sampling input run-length 0

step3: Configure the J-flow collector address and the UDP port to use.
user@host# set forwarding-options sampling family inet output flow-server <collector IP> port <port number>
user@host# set forwarding-options sampling family inet output flow-server <collector IP> version9 template ipv4-test
user@host# set forwarding-options sampling family inet output inline-jflow source-address <forwarding engine IP>

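step4: Specify the device interface to sample.
user@host# set interfaces <interface name> unit 0 family inet sampling input
user@host# set interfaces <interface name> unit 0 family inet sampling output

The interface name can be fe-0/0/0 or a VLAN name; use the following command to confirm the interface name: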
user@host# show interfaces

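Verifying that NetFlow is enabled on the Juniper SRX

The steps for checking J-flow on the Juniper SRX are as follows:

step1: Log in to the Juniper SRX device via telnet.
step2: Check the J-flow sampling data.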
user@host> show services accounting flow


step3: Check the J-flow sampling content.
user@host> show services accounting aggregation template template-name ipv4-test




References:
netflow:
http://kb.juniper.net/InfoCenter/index?page=content&id=kb16677&actp=search


http://www.juniper.net/documentation/en_US/junos14.1/topics/reference/command-summary/show-services-accounting-flow.html#jd0e300

https://www.juniper.net/techpubs/en_US/junos14.2/topics/example/flowmonitoring-active-sampling-instance-example.html