You want to log the hits on a ScreenOS policy and send the log data to the local traffic log, a syslog server, or a NetScreen Security Manager (NSM) server.
The log keyword at the end of a policy maintains a count of the number of times this policy has been referenced since the last power up or counter reset. Furthermore, when the log keyword is defined on a policy, a local traffic log entry is written to the ScreenOS gateway and is sent to any defined syslog servers and NSMs. Using the inter-zone policy configuration scenario in the solution to Recipe 7.1 as a reference, you configure the log keyword on a policy as follows:
set policy from Trust to Secure_Servers Orion Andromeda http permit log
The log keyword on a ScreenOS policy kicks off traffic logging on several fronts:
Maintaining a counter of the number of "hits" on the policy
Writing a detailed traffic log entry in the ScreenOS gateway's local traffic log memory space
Sending a traffic log entry to a syslog server if a syslog server is configured and traffic logging to syslog is enabled
Sending a traffic log entry to NSM if the ScreenOS gateway is under NSM management
You can view the number of hits on this policy, registered when the log keyword is configured, by checking the policy ID and then running a get policy id <policy id> command. The policy ID is checked:
get policy from Trust to Secure_Servers
ID From To Src-address Dst-address ...
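A policy without the log keyword produces no hit counter, local traffic log, syslog, or NSM entry, so it helps to audit a saved configuration for policies that lack it. The following Python sketch is an added example, not code from the original text; the sample configuration is constructed, and the quoted "set policy id <n> ..." form is assumed to be how the gateway stores policies.

```python
import shlex

ACTIONS = {"permit", "deny", "reject", "tunnel"}

def parse_policy(line):
    """Parse 'set policy ... from <zone> to <zone> <src> <dst> <svc> <action> ...'."""
    try:
        tok = shlex.split(line)          # handles quoted and unquoted names
    except ValueError:                   # unbalanced quote: cannot audit this line
        return None
    if tok[:2] != ["set", "policy"] or "from" not in tok:
        return None                      # e.g. 'set policy id 2' (context entry)
    i = tok.index("from")
    if len(tok) < i + 8 or tok[i + 2] != "to":
        return None
    head = tok[2:i]                      # optional 'id <n>' / 'name <x>' before 'from'
    pid = head[head.index("id") + 1] if "id" in head[:-1] else None
    tail = tok[i + 7:]                   # everything after the service name
    action = next((t for t in tail if t in ACTIONS), None)
    if action is None:
        return None
    after = tail[tail.index(action) + 1:]
    return {"id": pid, "from": tok[i + 1], "to": tok[i + 3], "src": tok[i + 4],
            "dst": tok[i + 5], "service": tok[i + 6], "action": action,
            "log": "log" in after}       # log keyword must follow the action

def unlogged_policies(config_text):
    """Return parsed policies whose definition line lacks the log keyword."""
    found = (parse_policy(l.strip()) for l in config_text.splitlines())
    return [p for p in found if p and not p["log"]]

# Constructed sample; the first line is the policy from this recipe.
SAMPLE_CONFIG = '''\
set hostname fw-lab
set policy from Trust to Secure_Servers Orion Andromeda http permit log
set policy id 2 from "Trust" to "Untrust" "Any" "Any" "HTTP" permit
set policy id 2
exit
set policy id 3 name "drop-telnet" from "Untrust" to "Trust" "Any" "Any" "TELNET" deny log
set policy id 4 from "Trust" to "Untrust" "Any" "Any" "FTP" nat src permit
'''

if __name__ == "__main__":
    for p in unlogged_policies(SAMPLE_CONFIG):
        print(f"policy id {p['id']}: {p['from']} -> {p['to']} "
              f"{p['service']} {p['action']} has no log keyword")
```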