Huawei USG6000 firewall: sending logs to rsyslog

Log server: 192.168.6.205

# rsyslog configuration
[root@localhost log]# cat /etc/rsyslog.conf | grep -Ev "^#|^$"
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
$ModLoad imudp # enable UDP reception
$UDPServerRun 514 # UDP port
$ModLoad imtcp # enable TCP reception
$InputTCPServerRun 514 # TCP port
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
local6.*                                                /var/log/usg6000.log # the USG sends with facility local6; all severities (.*) are written to the configured log file
# restart rsyslog
[root@localhost log]# systemctl restart rsyslog
# USG configuration
[USG6300]info-center enable 

[USG6300]info-center source default channel 2 log level informational 

[USG6300]info-center loghost 192.168.6.205 facility local6 port 514 channel 2 language English source-ip 192.168.12.45
Warning: There is security risk as this operation enables a non secure syslog protocol.

facility is the facility code that the rsyslog selector matches on; the USG supports 0-7 (local0 to local7):
[USG6300]info-center loghost 192.168.6.205 facility ?
  local0  Logging host facility 
  local1  Logging host facility 
  local2  Logging host facility 
  local3  Logging host facility 
  local4  Logging host facility 
  local5  Logging host facility 
  local6  Logging host facility 
  local7  Logging host facility 
# rsyslog sender whitelist: allowed source IPs
$AllowedSender UDP, 192.168.222.10/24, 10.0.0.0/8
# test by sending a log message from the shell
logger -n 192.168.6.205 -p user.info "aaaaaaaaaaaa"
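As an added example (not from the original page), the following Python reproduces what rsyslog does with a datagram from the USG under the configuration above: it checks the source address against the $AllowedSender networks, decodes the <PRI> header into facility and severity (local6 is facility code 22, so local6.info is <182>), and applies the local6.* and *.info selectors. The sample message and the simplified rule table are constructed for this example.

```python
import ipaddress
import re

# RFC 3164 facility codes: local0-local7 are 16-23, so the USG's local6 is 22.
FACILITIES = {16 + i: f"local{i}" for i in range(8)}
FACILITIES.update({0: "kern", 1: "user", 4: "auth", 9: "cron", 10: "authpriv"})
# Severity codes 0-7, lower is more severe; a selector like *.info matches 0..6.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Networks from the page's $AllowedSender line (192.168.222.10/24 -> 192.168.222.0/24).
ALLOWED_SENDERS = [ipaddress.ip_network("192.168.222.10/24", strict=False),
                   ipaddress.ip_network("10.0.0.0/8")]
# Simplified selectors from the page: (facility or any, minimum severity or any, file).
RULES = [("local6", None, "/var/log/usg6000.log"),
         (None, "info", "/var/log/messages")]

PRI_RE = re.compile(r"^<(\d{1,3})>")

def parse_pri(msg: str):
    """Decode <PRI> into (facility, severity): PRI = facility * 8 + severity,
    so <182> is 22 * 8 + 6 = local6.info. Returns None if absent or > 191."""
    m = PRI_RE.match(msg)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return FACILITIES.get(pri // 8, f"facility{pri // 8}"), SEVERITIES[pri % 8]

def sender_allowed(src_ip: str) -> bool:
    """Mirror $AllowedSender: only datagrams from whitelisted networks are accepted."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in ALLOWED_SENDERS)

def route(src_ip: str, msg: str) -> list:
    """Return the files the message would be written to, [] if rsyslog would drop it."""
    if not sender_allowed(src_ip) or (parsed := parse_pri(msg)) is None:
        return []
    facility, severity = parsed
    targets = []
    for fac, min_sev, path in RULES:
        if fac is not None and fac != facility:
            continue
        if min_sev is not None and SEVERITIES.index(severity) > SEVERITIES.index(min_sev):
            continue
        targets.append(path)
    return targets

# Constructed sample datagram: local6.info from a host inside 10.0.0.0/8.
SAMPLE = "<182>Mar  7 21:50:00 USG6300 constructed test message"
print(route("10.0.0.5", SAMPLE))  # ['/var/log/usg6000.log', '/var/log/messages']
```

With the networks as written on the page, a datagram from the USG's source-ip 192.168.12.45 is rejected by sender_allowed, so the whitelist must include the firewall's actual source address for its logs to be accepted.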

Huawei firewall SSH login: no matching key exchange method found

Logging in to a Huawei USG6308 firewall over SSH gives the following error:
Unable to negotiate with 192.168.12.45 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
In short, no matching key exchange method could be found.
The USG system software had been upgraded shortly before this.

The fix is to create a key pair:
rsa local-key-pair create

Juniper: restarting the web management service

In the Juniper web configuration UI, after opening a menu the configuration on the right either does not display, displays incompletely, or changes cannot be saved.
The configuration is visible from the command line, however, so the problem lies with the web service.

Firmware version: 20.4R2.7

In the browser's F12 developer tools, requests are seen going to the following URL:

https://10.1.2.1:60000/cache.php

Response body:

{
    "status": true,
    "jweb-config-cache": "\/jail\/var\/cache\/.91714653_root_cfg.json",
    "jweb-last-cache-update-time": "1709866189"
}

Presumably /jail/var/cache/ holds temporary cache files, so enter that directory and delete them.

root@juniper1% cd /jail/var/cache/
root@juniper1% ls -l
total 372
-rw-r--r--  1 root  wheel  77776 Mar  7 21:50 .2119246741_root_cfg.json
-rw-r--r--  1 root  wheel  34373 Mar  7 21:47 .91311285_super_lpad.json
-rw-r--r--  1 root  wheel  77776 Mar  7 21:50 .91714653_root_cfg.json

root@juniper1% rm -f .xxxxx # deleted the files beginning with a dot (.xxxxx)

# restart the web UI service
root@juniper1> restart web-management 

The configuration UI works again.

Configuring through the web UI is still less stable than the command line.

Juniper firewall: amber alarm LED on the front panel

root> show system alarms 
2 alarms currently active
Alarm time               Class  Description
2024-03-07 00:42:55 UTC  Minor  Autorecovery information needs to be saved
2024-03-07 00:42:53 UTC  Minor  Rescue configuration is not set

root> request system autorecovery state save 
Saving config recovery information
Saving license recovery information
Saving BSD label recovery information

root> request system configuration rescue save 

root> 

root> show system alarms 
No alarms currently active

With that, the alarm LED on the panel goes out.

Juniper: disabling auto image upgrade

# the console keeps printing

Auto Image Upgrade: DHCP INET Client Bound interfaces :

Auto Image Upgrade: DHCP INET Client Unbound interfaces : ge-0/0/0.0
ge-0/0/7.0

Auto Image Upgrade: DHCP INET6 Client Bound interfaces :

Auto Image Upgrade: DHCP INET6 Client Unbound interfaces :

These messages interfere with typing commands and are distracting; they can be turned off for now and turned back on once the network is configured.

# disable auto image upgrade
root# delete chassis auto-image-upgrade

# commit
[edit]
root# commit

# re-enable auto image upgrade
root# set chassis auto-image-upgrade