SunScreen 3.1 Administration Guide

Information, Statistics, and Logs

To View the Information

    (Optional) Type the following to display information, such as Product, System Boot Time, SunScreen Boot Time, and Version:

    • For local administration:


      # ssadm sys_info
      

    • For remote administration:


      # ssadm -r Screen_name sys_info
      

To View the Statistics

    (Optional) Type the following to display the statistics about the traffic flowing through the Screen:

    • For local administration:


      # ssadm traffic_stats
      

    • For remote administration:


      # ssadm -r Screen_name traffic_stats
      


To Set Up Packet Logging

SunScreen provides flexible logging of packets. A packet can be logged when it matches a policy rule, when it does not match any policy rule, or when it matches a policy rule whose action is DENY.

  1. Decide which packets SunScreen should log.

    Most often packets are logged because they match a rule whose action is DENY, or because they do not match any policy rule.

  2. Set the type of logging that you want in the details for the ALLOW action in a policy rule, and the type of ICMP reject in the details for the DENY action.

  3. Set logging for packets that are dropped because they match no policy rule on the Interfaces panel of the Interface page.

To Examine Packets

    Once a log is retrieved, it can be examined using the ssadm logdump command.

    Examining logged packets can be very useful for troubleshooting problems when setting up security policies. For example, when first creating policies, make the default DENY action "log packets." This way, you can review in the log exactly which traffic the policy rejected. You can also use logging to record attempts to break in.

To Use the ssadm logdump Command

    Type the following to display packets in the log file:


    # ssadm logdump -i ssadm_log_file
    

    ssadm_log_file is the name of a log file that has been downloaded from the Screen.

    From the command line, ssadm logdump reads a saved log file; give -i - to read a log piped to it on standard input instead.

To View the Log

    Type the following to view the current log:

    • For local administration:


      # ssadm log get | ssadm logdump -i -
      

To Save the Log

    Type the following to save a log record to a file:

    • For local administration:


      # ssadm log get > filename
      

    • For remote administration:


      # ssadm -r Screen_name log get > filename
      

To Clear the Log

This action clears the log browser's display of any log records without saving them and clears the SunScreen log file. The cleared records are not kept anywhere; to retain a copy, save the log first, or use log get_and_clear instead.

    Type the following to clear the log file:

    • For local administration:


      # ssadm log clear
      

    • For remote administration:


      # ssadm -r Screen_name log clear
      

To Save and Clear the Log

This action saves a log to a file and clears the display of any log records.

    Type the following to save the log to a file and clear the log:

    • For local administration:


      # ssadm log get_and_clear > filename
      

    • For remote administration:


      # ssadm -r Screen_name log get_and_clear > filename
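
The following script is an added example, not part of the SunScreen guide, that ties the save-and-clear and logdump procedures above into one operation suitable for a periodic job. It assumes ssadm is on PATH (the SSADM variable, the archive directory, and the function names rotate_screen_log and dump_screen_log are this example's own choices, not names from the product). It uses log get_and_clear rather than a separate log get followed by log clear, because records that arrive between two separate commands would be discarded by the clear; it keeps the archive only when the retrieval succeeded and returned data, so that a cleared Screen log is never left next to an empty or missing archive; and it records a checksum beside each archive so later tampering with the file can be noticed.

```shell
#!/bin/sh
# Added example (not from the SunScreen guide): archive a Screen's log safely.
# Assumption: ssadm is on PATH; SSADM may be overridden to point elsewhere.
SSADM="${SSADM:-ssadm}"

# rotate_screen_log ARCHIVE_DIR [Screen_name]
# Saves and clears the log in one step with "log get_and_clear", keeps the
# file only if the command succeeded and produced data, and writes a
# checksum beside it. Prints the archive path on success, returns 1 on failure.
rotate_screen_log() {
    arch_dir="$1"
    scr="$2"
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    out_file="$arch_dir/sunscreen${scr:+-$scr}-$stamp.log"
    tmp_file="$out_file.part"

    mkdir -p "$arch_dir" || return 1

    # Remote administration uses "ssadm -r Screen_name ..."; local omits -r.
    rc=0
    if [ -n "$scr" ]; then
        "$SSADM" -r "$scr" log get_and_clear > "$tmp_file" || rc=$?
    else
        "$SSADM" log get_and_clear > "$tmp_file" || rc=$?
    fi

    # Keep nothing from a failed or empty retrieval: an empty archive next to
    # a cleared Screen log would hide the fact that records were lost.
    if [ "$rc" -ne 0 ] || [ ! -s "$tmp_file" ]; then
        rm -f "$tmp_file"
        echo "log retrieval failed (status $rc)" >&2
        return 1
    fi

    mv "$tmp_file" "$out_file" || return 1
    # cksum is POSIX; use sha256sum where available for a stronger record.
    cksum "$out_file" > "$out_file.cksum" || return 1
    printf '%s\n' "$out_file"
}

# dump_screen_log FILE: decode a saved log for review with ssadm logdump.
dump_screen_log() {
    "$SSADM" logdump -i "$1"
}

# Usage (hypothetical archive directory and Screen name):
#   out=$(rotate_screen_log /var/sunscreen/archive Screen_name) && dump_screen_log "$out"
```

Run the rotation from a scheduled job on the administration station and ship the archive and its checksum to a host the Screen cannot write to; the point of the checks is that a failed retrieval leaves the Screen log untouched and prints an error, rather than silently clearing records that were never saved.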