This post contains several useful Junos SRX commands for the CLI. Mainly for myself, because I don't use those command regularly....
This post will be updated over time... Here it goes:
View session information:
root@srx100> show security flow session summary
Clear sessions through the firewall
root@srx100> clear security flow session all
Switch to other node in a cluster via CLI (over the HA-link):
root@srx100> request routing-engine login node 1
For High End devices, the command will be from shell:
% rlogin -Jk -T node1
View the config in set commands instead of the default hierarchy view:
root@srx100> show configuration | display set
Setting the correct logfile settings from the CLI (which is name-sensitive):
[edit]
root@srx100# set system syslog file policy_session user info
root@srx100# set system syslog file policy_session match RT_FLOW
root@srx100# set system syslog file policy_session archive size 1000k
root@srx100# set system syslog file policy_session archive world-readable
root@srx100# set system syslog file policy_session structured-data
Load the set commands through the CLI. After pasting them, use CTRL-D to end the insertion of commands. A commit is still needed to commit the changes.
root@srx100# load set terminal
root@srx100# <CTRL-D to end>
root@srx100# <paste the set commands>
Monitor activity from the CLI (assuming that you have configured the logging part):
root@srx100> monitor start policy_session
This will start scrolling the logging in real-time on the screen. To stop this, you need to enter the following (while your screen looks like a mess due to the scrolling log information):
root@srx100> monitor stop
Replace strings (CaSe-SensiTive) in your config (e.g. globally change an IP address which is used several times):
root@srx100# replace pattern 192.168.0.1 with 192.168.1.1
View the changes before you commit the configuration:
root@srx100# show | compare rollback 0
Save the rescue configuration (clearing the alarm LED on the device):
root@srx100> request system configuration rescue save
Restoring the rescue configuration:
[edit]
root@srx100# rollback rescue
load complete
[edit]
root@srx100# commit
Show the users logged in to the firewall (configuration):
root@srx100> show system users no-resolve
--------------------------------------------------------------------------
2:36PM up 2 days, 22:36, 2 users, load averages: 0.17, 0.33, 0.36
USER TTY FROM LOGIN@ IDLE WHAT
root p0 10.0.0.8 1:16PM - -cli (cli)
root jweb1 10.0.0.8 1:07PM 1
root@srx100>
Kick a logged in user from the CLI:
root@srx100> request system logout terminal jweb1
root@srx100> show system users no-resolve
--------------------------------------------------------------------------
2:36PM up 2 days, 22:36, 2 users, load averages: 0.17, 0.33, 0.36
USER TTY FROM LOGIN@ IDLE WHAT
root p0 10.0.0.8 1:16PM - -cli (cli)
root@srx100>
Show the current time + timezone:
root@srx100> show system uptime | match Current Current time: 2013-04-23 19:20:21 CEST root@srx100>