转自;杜松之家;http://www.juniperbbs.net/index.php
时间:2005年3月17日 Tech.Level:FAQ
====================================================
官方解答:
The [size=+0]alarm led can only be cleared via the command line interface. Clearing the [size=+0]alarm LED is not supported via WebUI. The [size=+0]alarm message needs to be deleted first.?From the command line interface (CLI):
clear [size=+0]alarm traffic [Enter]
clear [size=+0]alarm event [Enter]
Then, the LED will remain lit until the following CLI command is issued:
clear led [size=+0]alarm [Enter]
For ScreenOS 4.0.1r1 and higher, you don't need to clear the logs before you clear the led [size=+0]alarm.?Only clearing the led [size=+0]alarm will turn off the [size=+0]alarm led.
报警[size=+0]灯的状态只有在命令行界面下才能够被清除,目前web管理还不支持这个功能。如果要清楚报警[size=+0]灯的状态,首先要清除报警信息,你可以在命令行界面运行以下命令清除他们:
clear [size=+0]alarm traffic [回车]
clear [size=+0]alarm event [回车]
接着你就可以用下面的命令来关闭报警[size=+0]灯了:
clear led [size=+0]alarm [回车]
如果您使用的是ScreenOS 4.0.1r1以上版本的话,则不需要在清除报警[size=+0]灯状态前做清除报警事件日志的工作,只需要清除报警[size=+0]灯的状态就可以了。
====================================================
外部链接:
====================================================
[size=+0]Alarm灯常亮很正常的,几乎不用管它,在我这台上只要一开防火墙,这个[size=+0]Alarm灯就是亮的,如你实在看得心里不舒服,就用clear led [size=+0]alarm把它消掉吧! 我对这[size=+0]灯已经有点麻木了!
====================================================
[size=+0]alarm [size=+0]灯不可以自动关闭,
因为它是一个提示信息。
比如有黑客攻击了你防火墙的日志记录了,但对于一个不经常登陆防火墙的网管来说他是不知道的所以防火墙做了一个外部的提示信息来 告诉你
====================================================
红[size=+0]灯表示你的防火墙曾经被人攻击过,或是类似于攻击的行为也会被记录在案,看看日志吧,另外这个红[size=+0]灯需要手动来清除的,用clear [size=+0]alarm led 命令可以清除红[size=+0]灯的显示。
==================================================== clear led [size=+0]alarm
我刚为客户解决了这个问题
==================================================== 我今天问了安泰的工程师,说是OS版本的问题,版本低了重起也会亮红[size=+0]灯,我单位的NS50用的是5.0.0r8.0的版本,在重起后不会出现红[size=+0]灯,已经修正了这个问题
Mr. Kang,
I’ve checked the description about the “alarm LED” on NetScreen Firewall 204 on Juniper.net.
I’m sorry that “Juniper Network” doesn’t provide an official document about the bug of “alarm LED”.
Here are my suggestions toward this challenge:
At the first beginning, let the customer realize that:
===============================================
The alarm LED is just a signal to notice the network administrator that there had attack but blocked by firewall on the network. 灯亮起来其实是好事情!证明网络上的攻击被堵住了,攻击有可能来自运营商网络,也可能来自本地。具体在哪里就要查看日志,我们可 以一步一步来确认。灯亮意味着网络正在安全、正常的运行;而并非意味着硬件或者是软件。错误。如果真的受到攻击,而防火墙却没有 任何反映,这样的后果不是更加严重吗?
===============================================
The flowing is official description provide by Netscreen:
===============================================
The alarm led can only be cleared via the command line interface. Clearing the alarm LED is not supported via WebUI.
The alarm message needs to be deleted first? From the command line interface (CLI):
clear alarm traffic [Enter]
clear alarm event [Enter]
Then, the LED will remain lit until the following CLI command is issued:
clear led alarm [Enter]
For ScreenOS 4.0.1r1 and higher, you don't need to clear the logs before you clear the led alarm? Only clearing the led alarm will turn off the alarm led.
===============================================
The Reasons including:
Ø
Attacking; get alarm event
Ø
Virus;
Ø
CUP or Memory Usage; get alarm threshold
Ø
Logging is full; get log event
Ø
Session connection is too big;
To slake the LED: clear led alarm
To find out reasons:
get alarm event
[此贴子已经被作者于2007-11-21 22:25:49编辑过]
