Hi all,
I have persistent & consistent the following logs, it is being generating every 4 seconds. It seems that by default MSRPC is enabled.
In order to get some logs via traceoptions about denied the associated traffic (MSRPC ALG), I created the follwing traceoptions with packet filter but I couldn't see any deny in the whole log files -alg_deny.
If this log -MSRPC being denied, I should be seeing a deny traffic. But not... Where is my mistake or where am I not doing correct troubleshooting? Any ideas please?
May 20 14:07:33 VItSRX320 junos-alg: RT_ALG_WRN_CFG_NEED: MSRPC ALG detected packet from 10.10.3.29/57624 which need extra policy config with UUID:f309ad18-d86a-11d0-a075-00c04fb68820 or 'junos-ms-rpc-any' to let it pass-through on ASL session
VItSRX320> show security alg status
ALG Status :
DNS : Enabled
FTP : Enabled
H323 : Enabled
MGCP : Enabled
MSRPC : Enabled
PPTP : Enabled
RSH : Disabled
RTSP : Enabled
SCCP : Disabled
SIP : Disabled
SQL : Disabled
SUNRPC : Enabled
TALK : Enabled
TFTP : Enabled
IKE-ESP : Disabled
VItSRX320>
VItSRX320>show configuration security | display set | match alg
set security alg sccp disable
set security alg sip disable
My traceoptions with the filter:
set security flow traceoptions file alg_deny files 2 size 1m world-readable
set security flow traceoptions flag all
set security flow traceoptions packet-filter packet_filter1 source-prefix 10.10.3.29
VItSRX320>file list detail /var/log/ | match alg
-rw-r--r-- 1 root wheel 767199 May 20 13:41 alg_deny
-rw-r--r-- 1 root wheel 84685 May 20 13:40 alg_deny.0.gz
Thanks
Arix