Keywords for detailed log messages can be looked up at https://apps.juniper.net/syslog-explorer/
Logs can be viewed with the command show log XXX, where XXX is the file name
set security log mode stream
set security log report
To keep log timestamps accurate, configure an NTP server first
set system ntp server cn.pool.ntp.org
Log interface up/down status
set system syslog file interfaces-logs any any
set system syslog file interfaces-logs match ifOperStatus
VPN logging
set system syslog file kmd-logs daemon info
set system syslog file kmd-logs match KMD
Log commands executed by users
set system syslog file interactive-commands interactive-commands any
Log user authentication (all)
set system syslog file auth.log authorization info
Log successful user authentication
set system syslog file auth_success.log authorization info
set system syslog file auth_success.log match "Accepted| LOGIN_INFORMATION"
Log user changes
set system syslog file change.log change-log info
Log dynamic VPN user authentication
set system syslog file dyn_success.log any any
set system syslog file dyn_success.log match "DYNAMIC_VPN| FWAUTH| KMD_VPN_UP_ALARM_USER"
Log when the peer IP is unreachable by ping
set system syslog file ping_to_GZ any any
set system syslog file ping_to_GZ match "PING_TEST_FAILED| PING_PROBE_FAILED"
set services rpm probe prob test ping_test_to_GZ target address 192.168.12.12
set services rpm probe prob test ping_test_to_GZ probe-count 5
set services rpm probe prob test ping_test_to_GZ probe-interval 1
set services rpm probe prob test ping_test_to_GZ test-interval 2
set services rpm probe prob test ping_test_to_GZ thresholds successive-loss 2
set services rpm probe prob test ping_test_to_GZ thresholds total-loss 4
Log sessions
set system syslog file traffic-log any any
set system syslog file traffic-log match "RT_FLOW_SESSION"
The policy must include session-init or session-close / count
set system syslog file policy_session user info
set system syslog file policy_session match RT_FLOW
set system syslog file policy_session archive size 1000k
set system syslog file policy_session archive world-readable
set system syslog file policy_session structured-data
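Added example (not part of the original notes): a Python parser for the RT_FLOW_SESSION records that the policy_session file above collects in structured-data form. The sample lines are constructed, and their RFC 5424-style layout, SD-ID and field names are assumptions about the device output.

```python
import re

# Constructed sample lines (not captured from a device); layout and field
# names are assumptions about what a "structured-data" file contains.
SAMPLE = [
    '<14>1 2024-05-01T08:00:01.120Z srx1 RT_FLOW - RT_FLOW_SESSION_CREATE '
    '[junos@2636.1.1.1.2.40 source-address="10.1.1.5" source-port="51514" '
    'destination-address="192.168.12.12" destination-port="443" '
    'policy-name="trust-to-GZ"] session created',
    '<14>1 2024-05-01T08:00:09.480Z srx1 RT_FLOW - RT_FLOW_SESSION_CLOSE '
    '[junos@2636.1.1.1.2.40 reason="TCP FIN" source-address="10.1.1.5" '
    'source-port="51514" destination-address="192.168.12.12" '
    'destination-port="443" policy-name="trust-to-GZ" '
    'bytes-from-client="1840" bytes-from-server="9120"] session closed',
    'May  1 08:00:10 srx1 mgd[1234]: UI_COMMIT: unstructured line, skipped',
]

QUOTED = r'"(?:[^"\\]|\\.)*"'   # quoted value; \" \\ \] escapes are allowed
HEADER = re.compile(
    r'^<(?P<pri>\d+)>1 (?P<ts>\S+) (?P<host>\S+) \S+ \S+ '
    r'(?P<tag>RT_FLOW_SESSION_\w+) '
    r'\[\S+(?P<params>(?: [\w.-]+=' + QUOTED + r')*)\]')
PARAM = re.compile(r'([\w.-]+)=(' + QUOTED + r')')

def parse_flow(line):
    """Return a dict for one RT_FLOW_SESSION_* record, or None otherwise."""
    m = HEADER.match(line)
    if not m:
        return None
    # PRI = facility * 8 + severity; "user info" in the config gives <14>.
    facility, severity = divmod(int(m['pri']), 8)
    rec = {'event': m['tag'], 'time': m['ts'], 'host': m['host'],
           'facility': facility, 'severity': severity}
    for key, quoted in PARAM.findall(m['params']):
        rec[key] = re.sub(r'\\(.)', r'\1', quoted[1:-1])  # strip quotes, unescape
    return rec

def bytes_by_policy(lines):
    """Sum client and server bytes per policy from SESSION_CLOSE records."""
    totals = {}
    for rec in filter(None, map(parse_flow, lines)):
        if rec['event'] == 'RT_FLOW_SESSION_CLOSE':
            policy = rec.get('policy-name', 'unknown')
            n = int(rec.get('bytes-from-client', 0)) + int(rec.get('bytes-from-server', 0))
            totals[policy] = totals.get(policy, 0) + n
    return totals

if __name__ == '__main__':
    print(bytes_by_policy(SAMPLE))
```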
Send syslog to a remote log server
set system syslog host 192.168.0.123 any any
Log IDP events
set system syslog file IDP_Log any any
set system syslog file IDP_Log match "RT_IDP"