I recently had a conversation with a new acquaintance about Instagram. She didn’t like the idea of it. With all the effort that photographers and artists put into Photoshop edits, she thought the idea that you could just apply a fancy effect to a random photo was, in effect, cheating.
I can see her point, but I like to think of Instagram as the modern-day Polaroid. In fact, I’ve made a photo album with the first and last pages being a scattering of Instagrams, and it worked to good effect.
So it turns out that the Juniper SRX logs every traffic flow through it, which is pretty handy if you are just about to utter the words “I blame the firewall”. Rather than prosecute without evidence, hold off judgement for a few short CLI commands.
This little tidbit is aimed at SRXs with Logical Systems configured, but it probably works just as well without them.
Firstly, drop from the Junos CLI into the underlying shell (Junos is FreeBSD-based, so this is a FreeBSD shell rather than Linux):
jim@my-juniper02> start shell
All the traffic logs for a logical system are located in /var/logical-systems/<name of lsys>/log
% cd /var/logical-systems/my-lsys/log/
The traffic flows are stored in plain text, and the logs are rotated and compressed over the period of a few days. The current file can be grepped directly; the rotated copies are gzip-compressed, so use zgrep (or zcat piped into grep) to search those as well. In this case we’ve got a little DNS problem, so filter on the destination port and on denied sessions:
% grep "/53" traffic | grep "DENY"
Aug 20 20:00:57 my-juniper02 RT_FLOW: %-RT_FLOW_SESSION_DENY_LS: Lsys my-lsys: session denied 192.168.63.6/50627->192.168.16.11/53 junos-dns-udp 17(0) rule-global-deny(global) zone-ad-clients zone-ad-servers UNKNOWN UNKNOWN N/A(N/A) reth1.63
Aug 20 20:01:02 my-juniper02 RT_FLOW: %-RT_FLOW_SESSION_DENY_LS: Lsys my-lsys: session denied 192.168.63.6/44644->192.168.16.10/53 junos-dns-udp 17(0) rule-global-deny(global) zone-ad-clients zone-ad-servers UNKNOWN UNKNOWN N/A(N/A) reth1.63
So there you have it. Before allowing someone to utter that all-too-commonly used phrase again, try this simple bit of detective work.
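Two greps answer the one-off question, but once you are chasing more than a single client it helps to parse the RT_FLOW_SESSION_DENY lines into fields and count who is being denied to where, and by which policy. The following is an added example, not code from the original post or from Juniper: a small parser for the deny-line format shown above, run over a constructed sample that reuses the two log lines from the post plus two further deny lines and one session-created line that I made up for illustration. The field names (service, protocol, policy, zones, ingress interface) follow the documented RT_FLOW_SESSION_DENY layout; the regex is tolerant of the `%-` prefix and the `_LS` / `Lsys` decorations that appear with logical systems.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample log. The first two lines are the ones from the post; the
# remaining three are made up here to show a TCP DNS deny, a deny on another
# port (LDAP), and a non-deny event that the parser must ignore.
SAMPLE_LOG = """\
Aug 20 20:00:57 my-juniper02 RT_FLOW: %-RT_FLOW_SESSION_DENY_LS: Lsys my-lsys: session denied 192.168.63.6/50627->192.168.16.11/53 junos-dns-udp 17(0) rule-global-deny(global) zone-ad-clients zone-ad-servers UNKNOWN UNKNOWN N/A(N/A) reth1.63
Aug 20 20:01:02 my-juniper02 RT_FLOW: %-RT_FLOW_SESSION_DENY_LS: Lsys my-lsys: session denied 192.168.63.6/44644->192.168.16.10/53 junos-dns-udp 17(0) rule-global-deny(global) zone-ad-clients zone-ad-servers UNKNOWN UNKNOWN N/A(N/A) reth1.63
Aug 20 20:01:05 my-juniper02 RT_FLOW: %-RT_FLOW_SESSION_DENY_LS: Lsys my-lsys: session denied 192.168.63.7/51000->192.168.16.10/53 junos-dns-tcp 6(0) rule-global-deny(global) zone-ad-clients zone-ad-servers UNKNOWN UNKNOWN N/A(N/A) reth1.63
Aug 20 20:01:07 my-juniper02 RT_FLOW: %-RT_FLOW_SESSION_DENY_LS: Lsys my-lsys: session denied 192.168.63.7/51001->192.168.16.10/389 junos-ldap 6(0) rule-global-deny(global) zone-ad-clients zone-ad-servers UNKNOWN UNKNOWN N/A(N/A) reth1.63
Aug 20 20:01:09 my-juniper02 RT_FLOW: %-RT_FLOW_SESSION_CREATE_LS: Lsys my-lsys: session created 192.168.63.8/50630->192.168.16.11/53 junos-dns-udp (constructed permit line, fields abbreviated)
"""

# One RT_FLOW_SESSION_DENY[_LS] line. Fields after "session denied" follow the
# documented layout: src/sport->dst/dport service proto(icmp-type) policy
# src-zone dst-zone application nested-application username(roles) interface.
DENY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+RT_FLOW:\s+"
    r"(?:%-)?RT_FLOW_SESSION_DENY(?:_LS)?:\s+(?:Lsys\s+(?P<lsys>\S+):\s+)?session denied\s+"
    r"(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+)\s+"
    r"(?P<service>\S+)\s+(?P<proto>\d+)\((?P<icmp_type>\d+)\)\s+(?P<policy>\S+)\s+"
    r"(?P<src_zone>\S+)\s+(?P<dst_zone>\S+)\s+(?P<app>\S+)\s+(?P<nested_app>\S+)\s+"
    r"(?P<user>\S+)\s+(?P<ifl>\S+)\s*$"
)


def parse_deny(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of a session-deny line, or None for anything else."""
    m = DENY_RE.match(line)
    if not m:
        return None
    rec: Dict[str, object] = m.groupdict()
    for key in ("sport", "dport", "proto", "icmp_type"):
        rec[key] = int(rec[key])  # type: ignore[arg-type]
    return rec


def denied_flows(lines: Iterable[str], dport: Optional[int] = None) -> List[Dict[str, object]]:
    """Parse every deny line, optionally keeping only one destination port.

    This is the programmatic equivalent of `grep "/53" traffic | grep DENY`,
    but it matches the port field itself rather than any "/53" substring.
    """
    out = []
    for line in lines:
        rec = parse_deny(line)
        if rec is None:
            continue
        if dport is not None and rec["dport"] != dport:
            continue
        out.append(rec)
    return out


def summarize(records: Iterable[Dict[str, object]]) -> Counter:
    """Count denies per (source, destination, dport, policy) tuple."""
    key: Tuple[str, str, int, str]
    counts: Counter = Counter()
    for rec in records:
        key = (str(rec["src"]), str(rec["dst"]), int(rec["dport"]), str(rec["policy"]))  # type: ignore[arg-type]
        counts[key] += 1
    return counts


if __name__ == "__main__":
    dns_denies = denied_flows(SAMPLE_LOG.splitlines(), dport=53)
    for (src, dst, port, policy), n in summarize(dns_denies).most_common():
        print(f"{n:>3}  {src} -> {dst}:{port}  denied by {policy}")
```

The policy token (`rule-global-deny(global)` here) is what you actually want when someone says "I blame the firewall": it names the rule that dropped the session, so the fix is a policy change in that rule set rather than a hunt through every zone pair. Restricting on the parsed `dport` also avoids the false hits a plain `grep "/53"` would give for a source port of 53 or for an address ending in `/53x`.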
Well, it’s July 2012 already, which means that by January I need to recertify my CCIE. I’m hoping they’ll have released the CCIE-DC written by then (I missed the chance to try the beta) and I can use that as the next step. Until then, I’ll write a few refreshing blog entries.
Sometimes I still can’t believe I have this thing. I know it’s not held in as high a regard as it used to be, but it’s still pretty great to know the time and effort that went into it and the achievement of passing.
Like a lot of things in life, we try and try to start afresh and go on as we mean to, but it doesn’t always work. Well, here’s attempt number three at getting myself to blog or write... back shortly.