NETWORK ENGINEER BLOG

Tips and Reviews for Engineers

ScreenOS(CLI)でログを取得する

ScreenOS で許可/遮断したトラフィックの詳細を CLI で確認する際のメモ。
WebUI では、Reports > Policies > Traffic Log から確認できますが、ログが大量にある場合、CLI が便利です。
以下のとおり、"get log traffic policy"で確認します。

"get log traffic"実行例

-> get log traffic policy 1 service icmp
PID 1, from Trust to Untrust, src Any, dst Any, service ANY, action Deny
Total traffic entries matched under this policy = 4
==============================================================================================
Date       Time       Duration Source IP        Port Destination IP   Port Service  SessionID
Reason                         Xlated Src IP    Port Xlated Dst IP    Port ID
==============================================================================================
2012-10-25 12:10:00    0:00:00 x.x.x.x         30722 y.y.y.y           512 ICMP            0
Traffic Denied                 0.0.0.0             0 0.0.0.0             0
2012-10-25 12:10:00    0:00:00 x.x.x.x         32514 y.y.y.y           512 ICMP            0
Traffic Denied                 0.0.0.0             0 0.0.0.0             0
2012-10-25 12:10:00    0:00:00 x.x.x.x         30978 y.y.y.y           512 ICMP            0
Traffic Denied                 0.0.0.0             0 0.0.0.0             0
2012-10-25 12:10:00    0:00:00 x.x.x.x         31490 y.y.y.y           512 ICMP            0
Traffic Denied                 0.0.0.0             0 0.0.0.0             0
Total entries matched = 4

policy id は、"get policy" で確認します。