http://kb.juniper.net/InfoCenter/index?page=content&id=KB4214&actp=search&viewlocale=en_US&searchid=1296236314942
Juniper Firewalls provide traffic logs to monitor and record the traffic
that policies permit across the firewall. A traffic log notes the
following elements for each session:
- Date and time that the connection started
- Source address and port number
- Translated source address and port number
- Destination address and port number
- The duration of the session
- The service used in the session
To log all traffic that a Juniper firewall device receives, you must enable the logging option for all policies.
To log specific traffic, enable logging only on policies that apply to that traffic.
The
firewall generates logs when sessions end. However beginning with
ScreenOS 5.2.0 and above, you also have the option to start logging at
session initiation. Logging at session init will not show duration but
it can be useful for troubleshooting purposes.
There are three ways to view the logs:
To configure the Juniper Firewall Traffic Log, perform the following steps:
Open the WebUI. For assistance, see KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI.
From the ScreenOS options menu, click Policies.
In the
From drop-down menu, select the desired
From and
To zones. For example, in the
From drop-down menu, click to select
Trust. In the
To drop-down menu, click to select
Untrust.
Click New or Edit.
Click to select Logging.
By checking the first box, the security device generates logs when sessions end. By checking the 'at Session Beginning', the security device generate logs when sessions start. If both are selected, you will get both entries.
Click OK.
You can view traffic logs stored in flash storage on the Juniper
firewall device through either the CLI or WebUI. You may also open or
save the file to the location you specify, and then use an ASCII text
editor (such as Notepad or WordPad) to view the file. Alternatively, you
can send them to an external storage space, or include traffic logs
with event logs sent by email to an administrator. To view the traffic
logs through the WebUI, perform the following:
To view the Traffic Logs from the ScreenOS options menu, click Reports, and then select Policies. To view the Traffic Logs from the CLI, enter the command get log traffic <options>
.