Firewall Wizards mailing list archives

RE: Netscreen email logging


From: "Philip J. Koenig" <pjklist () ekahuna com>
Date: Sat, 28 Sep 2002 14:19:35 -0700

On 28 Sep 2002 at 16:07, Clark, Steve boldly uttered: 

Make sure you have checked Log Packets to Self that are dropped. You will
start to see the alert email.


Interesting suggestion, but still not working for me.  Here's the 
policy I'm using to test alarms:

set policy id 0 name "test" toDMZ "<specific trusted address>" "DMZ any" deny log count alarm 1 2


Then I test this by running from a Win95 box:

"ping -n 20 -l 1000 <address on DMZ>"


Now maybe the problem here is that the "alarm" policy parameter has 
its threshold defined in BYTES, not in PACKETS.  Would this imply 
that those packets actually have to *travel* over the interface to be 
counted... i.e. not just be hitting the interface and being dropped?  
Because I would have thought that the command above would have 
generated 20k of data.

FYI - it shows up fine in the traffic log.

Bruce Platt writes:

Steve,

Perhaps this works for you.  Not for me.  I do get very nice traffic
logs mailed to me though :-)
 

I'd consider it progress if I got those. :-)


Thanks,

Phil


-----Original Message-----
From: Bruce Platt [mailto:Bruce () ei3 com] 
Sent: Saturday, September 28, 2002 8:25 AM
To: 'pjklist () ekahuna com'
Cc: firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Netscreen email logging

Philip,

I can't find your original message, but I think you were after an answer as
to why you don't get alert messages, such as those in the event logs mailed
to you, while getting traffic logs mailed.  

I don't either, though my NSs are configured for it, and I get lots of
traffic mail.

You might want to ask the folks at www.netscreenforum.com.  It's a forum
rather than a mailing list and inhabited by some very knowledgeable folks.  

I have the same question on my list of things to figure out when I get time.
I was planning on posing the question there.

Regards

-----Original Message-----
From: Philip J. Koenig [mailto:pjklist () ekahuna com]
Sent: Friday, September 27, 2002 2:37 PM
To: Juhani Lahti
Cc: firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Netscreen email logging


On 27 Sep 2002 at 15:43, Juhani Lahti boldly uttered: 

I have a 5XP and get logs and alerts. In the beginning (when you have just
installed your NetScreen) NetScreen doesn't send any logs to you, I don't
know why.
I got my first logs about two days after installation.

Remember to enable logging when you create security policies.

Yes, logging is enabled - i.e. various policies have "permit log count" 
or "deny log count" at the end. (I configure primarily via CLI)

In the case of the 5XP, it has been sitting there for months without 
sending logs.

Thanks for your suggestions.

Phil



-----Original Message-----
From:     Philip J. Koenig [SMTP:pjklist () ekahuna com]
Sent:     27 September 2002 06:07
To:       firewall-wizards () nfr com
Subject:  [fw-wiz] Netscreen email logging

I have tried to get email alerts and logs working with 2 different 
Netscreen boxes (5XP Elite and 25) with no success.  Everything else 
pretty much works as expected except this.  I have asked Netscreen 
support about it more than once and get the equivalent of a shrug 
from them.

Is there some secret to this I'm missing?  Here are the relevant 
entries from the configuration file:

set admin mail alert
set admin mail traffic-log
set admin mail server-name <hostname or IP>
set admin mail mail-addr1 <email address>


I've finally gotten used to their idiosyncrasy of needing a manual 
route entry for any network that receives or sends to the firewall 
itself, so this isn't the problem.

Ideas greatly appreciated!

Phil



--
Philip J. Koenig                                       pjklist () ekahuna com
Electric Kahuna Systems -- Computers & Communications for the New Millenium


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

