Monitoring Security Policy Statistics
Monitor and record traffic that Junos OS permits or denies based on previously configured policies.
To monitor traffic, enable the count and log options.
Count—Configurable in an individual policy. If count is enabled, statistics are collected for sessions that enter the device for a given policy, and for the number of packets and bytes that pass through the device in both directions for a given policy. For counts (only for packets and bytes), you can specify that alarms be generated whenever the traffic exceeds specified thresholds. See count (Security Policies).
Log—Logging can be enabled in a security policy at the session initialization (session-init) stage or the session close (session-close) stage. See log (Security Policies).
To view logs from denied connections, enable log on session-init.
To log sessions after their conclusion/tear-down, enable log on session-close.
Session logging is performed in real time in the flow code, which impacts user performance. If both session-close and session-init are enabled, performance is degraded further than when only session-init is enabled.
For details about information collected for session logs, see Information Provided in Session Log Entries for SRX Series Services Gateways.
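The following configuration is an added example, not taken from the original page, showing the count and log options applied to a permit policy and a deny policy. The zone names (trust, untrust) and policy names (allow-web, deny-rest) are assumptions chosen for illustration.

```junos
# Permit policy: log once at teardown so each session produces a single
# entry, and collect statistics with count.
set security policies from-zone trust to-zone untrust policy allow-web match source-address any
set security policies from-zone trust to-zone untrust policy allow-web match destination-address any
set security policies from-zone trust to-zone untrust policy allow-web match application junos-http
set security policies from-zone trust to-zone untrust policy allow-web then permit
set security policies from-zone trust to-zone untrust policy allow-web then log session-close
set security policies from-zone trust to-zone untrust policy allow-web then count

# Deny policy: denied connections are logged with session-init, as the
# text above states. session-close is left off here and session-init is
# left off the permit policy, so neither policy enables both options.
set security policies from-zone trust to-zone untrust policy deny-rest match source-address any
set security policies from-zone trust to-zone untrust policy deny-rest match destination-address any
set security policies from-zone trust to-zone untrust policy deny-rest match application any
set security policies from-zone trust to-zone untrust policy deny-rest then deny
set security policies from-zone trust to-zone untrust policy deny-rest then log session-init
set security policies from-zone trust to-zone untrust policy deny-rest then count

# After commit, view the collected statistics from operational mode:
#   show security policies policy-name allow-web detail
```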