Copyright © 2010, Juniper Networks, Inc.

./devSvrCli.sh --log2action --filter --log-id 20060315:0-20060317:4294967294 --action --xml --file-path /tmp/newtest.xml

Using Common Filters

To control which log records are exported, use common filters. Common filters are optional and must be used before the action command (--action).

Table 109 on page 801 shows the common filters.

Table 109: Common Filters

| Option | Default | Multiple | Specifies | Format |
|---|---|---|---|---|
| --category | yes | yes | Category | `<category>` Specify one or more of the following values: admin, alarm, config, custom, events, implicit, info, predefined, profiler, screen, self, sensors, traffic, urlfiltering, user. |
| --device | yes | yes | Device name | `<domain-path>:<device-name>` |
| --device-family | yes | yes | Device type | `<device family>` idp, ive-ic, ive-sa, j/SRX Series, EX Series, m/MX Series, sos |
| --domain | yes | yes | Domain path | `<global[/<subdomain-name>]` |
| --dst-ip | yes | yes | Destination IP address | `<a.b.c.d[/n\|-<a.b.c.d>]>` |
| --dst-port | yes | yes | Destination port | `<[0-65535][-[0-65535]]>` |
| --log-id | yes | no | From Log ID To Log ID | `<<yyyymmdd>:[0-MAX][-<yyyymmdd>:[0-MAX]]>` |
| --matches-to-return | yes | no | Number of log entries to match | `<[1-4294967295]>` |
| --rule | yes | no | Rule to match | `<domain-path>: <policy-name>:<rulebase>:<rule number>` where `<rulebase>` is one of the following values: fw, idp, honeypot, backdoor, synpro, vpn, mpolicy, tsig. |
| --severity | yes | yes | Severity | `<severity>` Specify one of the following values: none, info, device_warning_log, minor, major, device_critical_log, emergency, alert, critical, error, warning, notice, informational, or debug. |
| --src-ip | yes | yes | Source IP address | `<a.b.c.d[/n\|-<a.b.c.d>]>` |
| --src-port | yes | yes | Source port | `<[0-65535][-[0-65535]]>` |
| --time-recv | yes | yes | Time received | `<<yyyymmdd>:<hhmmss>>-<<yyyymmdd>:<hhmmss>>` |
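
When log exports are scripted, checking each filter value against the formats in Table 109 before calling the CLI avoids exports that silently cover the wrong window. The following is an added example, not code from the guide or from Juniper: the function names are hypothetical, `LOG_ID_MAX` is taken from the sample command because the guide does not define MAX, and reading the "Multiple" column as "may be given more than once" is an assumption.

```python
import ipaddress
import re
from datetime import datetime

LOG_ID_MAX = 4294967294  # assumption: MAX read off the page's sample command
SINGLE_USE = {"--log-id", "--matches-to-return", "--rule"}  # "Multiple: no" rows

def valid_ip(v):  # a.b.c.d, a.b.c.d/n or a.b.c.d-a.b.c.d
    m = re.fullmatch(r"([0-9.]+)(?:/([0-9]{1,2})|-([0-9.]+))?", v)
    if not m:
        return False
    lo = ipaddress.IPv4Address(m[1])  # raises ValueError on a bad address
    if m[3]:
        return lo <= ipaddress.IPv4Address(m[3])
    return m[2] is None or int(m[2]) <= 32

def valid_port(v):  # 0-65535 with an optional upper bound
    m = re.fullmatch(r"([0-9]{1,5})(?:-([0-9]{1,5}))?", v)
    return bool(m) and all(int(p) <= 65535 for p in m.groups() if p)

def valid_log_id(v):  # yyyymmdd:n with an optional -yyyymmdd:n end
    m = re.fullmatch(r"([0-9]{8}):([0-9]+)(?:-([0-9]{8}):([0-9]+))?", v)
    if not m:
        return False
    ends = [(m[1], m[2])] + ([(m[3], m[4])] if m[3] else [])
    return all(datetime.strptime(d, "%Y%m%d") and int(n) <= LOG_ID_MAX for d, n in ends)

def valid_time_recv(v):  # yyyymmdd:hhmmss-yyyymmdd:hhmmss, start not after end
    if not re.fullmatch(r"[0-9]{8}:[0-9]{6}-[0-9]{8}:[0-9]{6}", v):
        return False
    a, b = (datetime.strptime(p, "%Y%m%d:%H%M%S") for p in v.split("-"))
    return a <= b

VALIDATORS = {"--src-ip": valid_ip, "--dst-ip": valid_ip, "--src-port": valid_port,
              "--dst-port": valid_port, "--log-id": valid_log_id, "--time-recv": valid_time_recv,
              "--matches-to-return": lambda v: v.isdigit() and 1 <= int(v) <= 4294967295}

def build_export(filters, xml_path):
    """filters: (option, value) pairs. Returns argv with every filter before --action."""
    argv, seen = ["./devSvrCli.sh", "--log2action", "--filter"], set()
    for opt, val in filters:
        if opt not in VALIDATORS or (opt in SINGLE_USE and opt in seen):
            raise ValueError(f"unsupported or repeated option: {opt}")
        try:
            if not VALIDATORS[opt](val):
                raise ValueError
        except ValueError:
            raise ValueError(f"bad value for {opt}: {val!r}") from None
        seen.add(opt)
        argv += [opt, val]
    return argv + ["--action", "--xml", "--file-path", xml_path]
```

The returned list can be passed to `subprocess.run` as an argument vector, so no filter value is ever interpreted by a shell.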
Chapter 19: Logging
801