
ScreenOS Cookbook by Sunil Wadhwa, Joe Kelly, Ken Draper, David Delcourt, Vik Davar, Stefan Brunner


7.2. Log Hits on ScreenOS Policies

Problem

You want to log the hits on a ScreenOS policy and send the log data to the local traffic log, a syslog server, or a NetScreen Security Manager (NSM) server.

Solution

The log keyword at the end of a policy maintains a count of the number of times this policy has been referenced since the last power up or counter reset. Furthermore, when the log keyword is defined on a policy, a local traffic log entry is written to the ScreenOS gateway and is sent to any defined syslog servers and NSMs. Using the inter-zone policy configuration scenario in the solution to Recipe 7.1 as a reference, you configure the log keyword on a policy as follows:

	Internal_fw-> set policy from Trust to Secure_Servers Orion Andromeda http permit log

Discussion

Enabling the log keyword on a ScreenOS policy kicks off traffic logging on several fronts:

  • Maintaining a counter of the number of "hits" on the policy

  • Writing a detailed traffic log entry in the ScreenOS gateway's local traffic log memory space

  • Sending a traffic log entry to a syslog server if a syslog server is configured and traffic logging to syslog is enabled

  • Sending a traffic log entry to NSM if the ScreenOS gateway is under NSM management

You can view the number of hits registered on this policy once the log keyword is configured by looking up the policy ID and then running a get policy id <policy id> command. To find the policy ID:

	Internal_fw-> get policy from Trust to Secure_Servers
	ID From To Src-address Dst-address ...
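
The traffic log entries that the log keyword sends to a syslog server can be tallied per policy ID on the receiving side and compared with the gateway's hit counter. This is an added example, not code from the book; the key=value message layout, the policy IDs, the addresses and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines, not from the book. The key=value layout is an
# assumption modelled on ScreenOS traffic-log syslog messages; policy IDs 5
# and 7 and all addresses are made up for the example.
_FMT = ('Internal_fw: NetScreen device_id=Internal_fw '
        '[Root]system-notification-00257(traffic): start_time="{t}" duration=1 '
        'policy_id={pid} service=http proto=6 src zone=Trust '
        'dst zone=Secure_Servers action={act} sent={sent} rcvd={rcvd} '
        'src=192.0.2.10 dst=198.51.100.20 src_port=40112 dst_port=80')
SAMPLE_LINES = [
    _FMT.format(t="2008-01-10 09:15:02", pid=5, act="Permit", sent=1024, rcvd=20480),
    _FMT.format(t="2008-01-10 09:15:09", pid=5, act="Permit", sent=512, rcvd=4096),
    _FMT.format(t="2008-01-10 09:16:30", pid=7, act="Deny", sent=0, rcvd=0),
    # Constructed non-traffic event that happens to mention a policy ID.
    'Internal_fw: NetScreen device_id=Internal_fw [Root]system-information: '
    'constructed event policy_id=5',
]

# Keys are single words except "src zone" / "dst zone"; values may be quoted.
PAIR = re.compile(r'((?:src |dst )?\w+)=("[^"]*"|\S+)')

def parse_traffic_entry(line):
    """Return the fields of a traffic log line as a dict, else None."""
    if "(traffic)" not in line:
        return None                      # system/event message, not a policy hit
    fields = {key: value.strip('"') for key, value in PAIR.findall(line)}
    return fields if fields.get("policy_id", "").isdigit() else None

def _count(fields, key):
    value = fields.get(key, "")
    return int(value) if value.isdigit() else 0

def hits_per_policy(lines):
    """Tally hits, byte counts and actions per policy ID."""
    stats = defaultdict(lambda: {"hits": 0, "sent": 0, "rcvd": 0, "actions": set()})
    for line in lines:
        fields = parse_traffic_entry(line)
        if fields is None:
            continue
        entry = stats[int(fields["policy_id"])]
        entry["hits"] += 1
        entry["sent"] += _count(fields, "sent")
        entry["rcvd"] += _count(fields, "rcvd")
        entry["actions"].add(fields.get("action", "unknown"))
    return dict(stats)

if __name__ == "__main__":
    for pid, entry in sorted(hits_per_policy(SAMPLE_LINES).items()):
        print(pid, entry["hits"], entry["sent"], entry["rcvd"], sorted(entry["actions"]))
```

A syslog-side tally that falls well below the gateway's hit counter for the same policy suggests that traffic log messages are being lost on the way to the collector.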
