steve@puluka.comProduct: ScreenOS
Version: 4.0 and higher
Description:
The built in flash on the firewalls have limited storage for log files. These are automatically over written as space runs out on the device. Adding a USB drive stick can increase the amount of log space available on the firewall.
Configuration:
1. Confirm that usb has the logging levels turned on. Log into the cli and check the current setting. This should be the default.
systemname-> get log setting
Levels: 0=Emergency, 1=Alert, 2=Critical, 3=Error, 4=Warning, 5=Notification,
6=Information, 7=Debugging, ‘-‘ = disabled
Module Console Internal Email SNMP Syslog
system ——– 01234567 012–5– 012—– 01234567
Module WebTrends NSM USB
system 012–5– 01234567 01234567
Serial number is disabled.
————
You should see the logging level under USB at 7 and below. If this is not turned on you can set the USB logging level.
systemname-> set log module system level information destination usb
Other levels available are:
emergency,alert,critical,error,warning,notification,information,debugging
2. Enable the logging to the USB device.
systemname-> set log usb enable
This allows the usb stick to be used to the maximum available space. It creates a text file on the drive in the format:
systemname_24Sept2010_log.txt
3. To restrict the size of the log file.
systemname-> set log usb filesize ## (number of megabytes)
Using the Logs:
Viewing the logs
These logs are visible in the web and cli interface while they are gathered. To remove the device for review on you computer.
CLI
get log traffic ?
View and select you options
Web
Reports – System Log – Events
Reports – Policies (select policy log to view)
USB Drive on your Computer
To remove the USB drive and mount on your computer for review.
systemname-> unset log usb enable
systemname-> exec usb-device stop
References:
KB4258 Storing Log Data
http://kb.juniper.net/InfoCenter/index?page=content&id=KB4258
KB4214 Configuring the Juniper Firewall Traffic Log (Policy Log)
http://kb.juniper.net/InfoCenter/index?page=content&id=KB4214
Originally Posted November 27, 2010
Last Revised on May 14, 2011
