Basic Use Netscreen commands


ScreenOS  JUNOS  Notes     
Session & Interface counters         
get session > show security flow session      
get interface > show interface terse      
get counter stat > show interface extensive      
get counter stat <interface> > show interface <interface> extensive    
clear counter stat > clear interface statistics <interface>      
Debug & Snoop         
debug flow basic # edit security flow  Note: creates debugs in default file name: /var/log/security-trace. See KB16108 for traceoptions info.
# set traceoptions flag basic-datapath    
# commit    
set ff # edit security flow  Note: Packet-drop is a feature that will be added.
# set traceoptions packet-filter    
get ff > show configuration | match packet-filter | display set      
get debug > show configuration | match traceoptions | display set      
get db stream View stored log: (recommended option)
> show log <file name> (enter h to see help options)
> show log security-trace (to view 'security flow' debugs)
> show log kmd (to view 'security ike' debugs)
View real-time: (use this option with caution)
> monitor start <debugfilename>
ESC-Q (to pause real-time output to screen)
Note: 'monitor stop' stops the real-time view, but debugs are still collected in log files.
clear db > clear log <filename> (clears contents of file)  Note: use 'file delete <filename>' to actually delete the file.
undebug <debug> (stops collecting debugs) # edit security flow  Note: deactivate makes it easier to enable/disable. Use 'activate traceoptions' to activate.
# deactivate traceoptions OR # delete traceoptions (at the particular hierarchy)    
# commit    
undebug all Not available. You need to deactivate or delete traceoptions separately.      
debug ike detail # edit security ike  Note: creates debugs in default file name: kmd
# set traceoptions flag ike    
# commit    
snoop (packets THRU the JUNOS device) Use Packet Capture feature  Note: not supported on SRX 3x00/5x00 yet.
snoop (packets TO the JUNOS device) > monitor traffic interface <int> layer2-headers  Note: only captures traffic destined for the RE of the router itself. Excludes PING.
write-file option (hidden)    
read-file (hidden)    
Event Logs         
get event > show log messages      
> show log messages | last 20 (helpful cmd because newest log entries are at end of file)    
get event | include <string> > show log messages | match <string> Note: There is not an equivalent command for ‘get event include <string>’.    
> show log messages | match "<string>|<string>|<string>"
Examples:  Note: match displays only the lines that contain the string.
> show log messages | match "error|kernel|panic"
> show log messages | last 20 | find error  Note: find displays output starting from the first occurrence of the string.
clear event > clear log messages      
  > show log      
Config & Software upgrade         
get config > show config (program structured format)      
> show config | display set (set command format)    
get license > show system license keys      
get chassis (serial numbers) > show chassis hardware detail > show chas environment    
> show chas routing-engine    
exec license > request system license [add | delete |save]      
unset all; reset # load factory-default  See KB15725.
# set system root-authentication plain-text-password
# commit and-quit
> request system reboot
load config from tftp <tftp_server> <configfile> > start shell and FTP config to router, e.g. /var/tmp/test.cfg. Then:
# load override /var/tmp/test.cfg (or full path of config file)
Note: TFTP is not supported. Use only FTP, HTTP, or SCP.
load software from tftp <tftp_server> <screenosimage> to flash > request system software add  Note: TFTP is not supported. Use only FTP, HTTP, or SCP.
Note: use 'request system software rollback' to roll back to the previous s/w package. See KB16652.
Example:
request system software add ftp: reboot      
save # commit OR      
# commit and-quit    
reset > request system reboot      
get policy > show security policies      
get policy from <zone> to <zone> > show security policies from <zone> to <zone>      
get ike cookie > show security ike security-associations      
get sa > show security ipsec security-associations > show security ipsec stat    
clear ike cookie > clear security ike security-associations      
clear sa > clear security ipsec security-associations      
get nsrp > show chassis cluster status      
> show chassis cluster interfaces    
> show chassis cluster status redundancy-group <group>    
exec nsrp vsd <vsd> mode backup (on master) see KB5885 > request chassis cluster failover redundancy-group <group> node <node>      
  > request chassis cluster failover reset redundancy-group <group>      
get dhcp client > show system services dhcp client See KB15753.    
exec dhcp client <int> renew > request system services dhcp renew (or release)      
get route > show route      
get route ip <ipaddress> > show route <ipaddress>      
get vr untrust-vr route > show route instance untrust-vr      
get ospf nei > show ospf neighbor      
set route interface <int> gateway <ip> # set routing-options static route next-hop <ip> See KB16572.    
get vip > show security nat destination-nat summary      
get mip > show security nat static-nat summary      
get dip > show security nat source-nat summary      
> show security nat source-nat pool <pool>    
get perf cpu > show chassis routing-engine      
get net-pak s > show system buffers      
get file > show system storage      
get alg > show configuration groups junos-defaults applications  Note: all pre-defined applications are located within the hidden group junos-defaults. If any ALGs are applied to the pre-defined applications, they will also be displayed with this command.
get service > show configuration groups junos-defaults applications      
get tech > request support information      
set console page 0 > set cli screen-length 0      
  > file list <path>  Note: shows directory listing.
Example: file list /var/tmp/  Note that / is needed at the end of the path.
  # = configuration mode prompt      
  > = operational mode prompt