(Optional) Type the following to display information, such as Product, System Boot Time, SunScreen Boot Time, and Version:
For local administration:
# ssadm sys_info
For remote administration:
# ssadm -r Screen_name sys_info
(Optional) Type the following to display the statistics about the traffic flowing through the Screen:
For local administration:
# ssadm traffic_stats
For remote administration:
# ssadm -r Screen_name traffic_stats
SunScreen provides flexible logging of packets. A packet can be logged when it matches a policy rule, when it does not match a policy rule, or when it matches a policy rule whose action is DENY.
Configure SunScreen to log packets that do not match any particular policy rule.
Most frequently, packets are logged because of the DENY action in a rule, or because they do not match any policy rule.
Set the type of logging that you want in the details for the ALLOW action in a policy rule and the type of ICMP reject in the details for the DENY action.
Set logging for packets that are dropped because they do not match any policy rule on the Interfaces panel of the Interface page.
Once a log is retrieved, it can be examined using the ssadm logdump command.
Examining logged packets can be very useful for troubleshooting problems in setting up security policies. For example, when first creating policies, make the default DENY action "log packets." This way, you can review the logs easily. You can also use logging to capture any attempts to break in.
Type the following to display packets in the log file:
# ssadm logdump -i ssadm_log_file
You can only examine a saved log file from the command line.
ssadm_log_file is the name of a log file that has been downloaded from the Screen.
Type the following to view the current log:
For local administration:
# ssadm log get | ssadm logdump -i -
Type the following to save a log record to a file:
For local administration:
# ssadm log get > filename
For remote administration:
# ssadm -r Screen_name log get > filename
This action clears the log browser's display of any log records without saving them and clears the SunScreen log file.
Type the following to clear the log file:
For local administration:
# ssadm log clear
For remote administration:
# ssadm -r Screen_name log clear
This action saves a log to a file and clears the display of any log records.
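Because clearing discards records that were never saved, the save and clear steps above can be chained so that the clear runs only after a verified save. The following is an added example, not part of the SunScreen documentation; the function name, file naming, and empty-file check are assumptions, and it uses only the ssadm subcommands shown on this page.

```shell
#!/bin/sh
# Added example, not SunScreen's own tooling: save the log, confirm the save,
# and only then clear it. Uses only ssadm subcommands shown on this page.
# The function name, file naming and empty-file check are assumptions.

# Usage: archive_and_clear ARCHIVE_DIR [SCREEN_NAME]
# Prints the saved file's path. On any save failure it returns non-zero and
# does not clear the log on the Screen.
archive_and_clear() {
    dir=$1
    screen=${2:-}
    out="$dir/sunscreen-${screen:-local}-$(date -u +%Y%m%dT%H%M%SZ).log"
    tmp="$out.partial"
    rc=0

    mkdir -p "$dir" || return 1

    # Step 1: save. A Screen name selects remote administration (-r).
    if [ -n "$screen" ]; then
        ssadm -r "$screen" log get > "$tmp" || rc=$?
    else
        ssadm log get > "$tmp" || rc=$?
    fi

    # Step 2: refuse to clear unless the save succeeded and wrote data.
    if [ "$rc" -ne 0 ] || [ ! -s "$tmp" ]; then
        echo "log not saved (exit $rc); Screen log left intact" >&2
        rm -f "$tmp"
        return 1
    fi

    # Step 3: finalize, make read-only, record a CRC to spot later corruption
    # (cksum is not tamper-evident; it only detects accidental change).
    mv -f "$tmp" "$out" && chmod 400 "$out" || return 1
    cksum "$out" > "$out.cksum" || return 1

    # Step 4: clear. Records logged between steps 1 and 4 are not in $out.
    if [ -n "$screen" ]; then
        ssadm -r "$screen" log clear || return 1
    else
        ssadm log clear || return 1
    fi
    echo "$out"
}
```

The saved file can then be examined with ssadm logdump -i as described earlier.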