fir3net
PPS-Firenetbanner-780.5x190-30-03-17

Netscreen Traffic Reporting

Traffic reporting on the Juniper Netscreen can be achieved via a number of methods. Various tools and features are available such as the Netscreen Security Manager (NSM), 3rd Party applications along with numerous reporting features on the device itself. This article will look at how to create traffic reports by using just 1. a Netscreen device and 2. some Linux scripting.

1. COMMENTS

The following example is based upon creating a report based on the total number of bytes sent on an individual policy per source IP.

2. STEPS

2.1. DOWNLOAD REPORT

    1. Within the Web UI of the Netscreen device.
    2. Go to "Policies".
    3. Under the Policy (you want to report on) click "Logging" within the Options section.

 

  1. At the top of the screen click "Save".

2.2. CUSTOMISE REPORT

Using the report you previously saved we can now total the bytes on a per source IP basis using a few Linux commands :

$ awk /sec/' { print $4,$9 } ' netscreen-downloaded-report.txt  | sed 's/:.* / /g' | awk '!/source/{a[$1]+=$2}END{for(item in a)printf("Source IP: %s\tTotal bytes: %s\n",item,a[item])}'

Source IP: 172.16.1.7   Total bytes: 913644
Source IP: 172.16.1.8   Total bytes: 1905908

Tags: Netscreen

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001