SunScreen 3.2 Administration Guide

Information, Statistics, and Logs

To View the Information

The ssadm sys_info subcommand provides information such as product, system boot time, SunScreen boot time, and version.

    To display information using local administration, type the following:


    # ssadm sys_info
    

    To display the equivalent information using remote administration, use the -r flag and specify the name of the remote Screen:


    # ssadm -r Screen_name sys_info
    

To View the Statistics

The traffic_stats option displays information about the traffic flowing through a Screen.

    Using local administration, type the following:


    # ssadm traffic_stats
    

    Using remote administration:


    # ssadm -r Screen_name traffic_stats
    

To Set Logsize on a Screen

You can use LOGSIZE to set the maximum size of your log file. The values are expressed in Mbytes, where 200 represents 200 Mbytes.

    At the editor prompt, type:


    edit> add screen vorticity ADMIN_CERTIFICATE vorticity.admin CDP RIP DNS SNMP 10.100.253.200 LOGSIZE 200
    

To Set Up Packet Logging

SunScreen provides flexible logging of packets. A packet can be logged when it matches a policy rule, when it does not match a policy rule, or when it matches a policy rule whose action is DENY.

  1. Configure SunScreen to log packets that do not match any particular policy rule.

    Most frequently, packets are logged because of the DENY action in a rule or because they do not match any policy rule.

  2. Set the type of logging you want in the details for the ALLOW action in a policy rule.

  3. Set the type of ICMP reject in the details for the DENY action in a policy rule.

  4. On the Interfaces panel of the Interface page, set logging for packets that are dropped because they do not match any policy rule.

To Examine Packets

    Once a log is retrieved, use the ssadm logdump command to examine it.

    Examining logged packets can be useful for troubleshooting problems encountered while you set up security policies. For example, when first creating policies, make the default DENY action "log packets." This enables you to review the logs easily. You can also use logging to capture any attempts to break in.

To Display Packets in the Log File

You can examine a saved log file only from the command line.

    Use the ssadm logdump command to display packets in the log file:


    # ssadm logdump -i ssadm_log_file
    

    ssadm_log_file is the name of a log file that has been downloaded from the Screen.

To View the Log

    Type the following to view the current log using local administration:


    # ssadm log get | ssadm logdump -i -
    


    Note -

    See the ssadm-logdump manpage for a list of options.


To Save the Log

    Using local administration, use ssadm log get to save the log records to a file:


    # ssadm log get > filename
    

    Using remote administration, use ssadm with the -r option:


    # ssadm -r Screen_name log get > filename
    

To Clear the Log

This action clears the log browser's display of any log records without saving them and clears the SunScreen log file.

    Using local administration, type the following to clear the log file:


    # ssadm log clear
    

    Using remote administration, use ssadm with the -r option:


    # ssadm -r Screen_name log clear
    

To Save and Clear the Log

This action saves a log to a file and clears the display of any log records.

  1. Using local administration, type the following to save the log to a file and clear the log:


    # ssadm log get_and_clear > filename
    

  2. Using remote administration, use ssadm with the -r option:


    # ssadm -r Screen_name log get_and_clear > filename
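
The following script is an added example and is not part of the SunScreen guide or product. It ties together the "To Save the Log" and "To Save and Clear the Log" procedures above: it builds the local or remote ssadm argument list, archives the current log to a dated file, and uses log get_and_clear rather than a separate log get followed by log clear, so that records written between the two commands cannot be lost. The SSADM variable, the function names, the archive directory layout, and the file-naming scheme are this example's own assumptions; the ssadm subcommands are the ones documented in this chapter.

```shell
#!/bin/sh
# Added example (not SunScreen's own code): archive the Screen log to a
# dated file and clear it in one step, for local or remote administration.
# Assumes only the ssadm subcommands shown in this chapter. SSADM,
# build_ssadm_args, archive_screen_log and the file naming are this
# example's own conventions.

SSADM="${SSADM:-ssadm}"   # can be pointed at a wrapper for dry runs

# build_ssadm_args SCREEN SUBCOMMAND...
# Prints the ssadm argument list, prefixing "-r SCREEN" when a Screen name
# is given: the local/remote distinction used throughout this chapter.
build_ssadm_args() {
    screen="$1"; shift
    if [ -n "$screen" ]; then
        printf '%s' "-r $screen $*"
    else
        printf '%s' "$*"
    fi
}

# archive_screen_log SCREEN ARCHIVE_DIR
# Retrieves and clears the log atomically with "log get_and_clear", so no
# record is dropped between a retrieval and a separate clear. Prints the
# archive path on success. Returns 1 (and removes the file) if ssadm fails
# or if the retrieved log is empty, so an empty file is never mistaken for
# a successful archive.
archive_screen_log() {
    screen="$1"
    dir="$2"
    mkdir -p "$dir" || return 1
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    out="$dir/${screen:-local}-$stamp.log"
    # Word-splitting of the argument string is intended here.
    "$SSADM" $(build_ssadm_args "$screen" log get_and_clear) > "$out" || {
        rm -f "$out"
        return 1
    }
    if [ ! -s "$out" ]; then
        rm -f "$out"
        return 1
    fi
    printf '%s\n' "$out"
}

# The saved file is read back the way the guide shows:
#   ssadm logdump -i "$archive_path"
```

Pass an empty Screen name to archive the local Screen's log, or a Screen name to use remote administration. Because the retrieved bytes are the only copy once the Screen's log is cleared, the script refuses to treat an empty or failed retrieval as a completed rotation.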