Monitoring Policy Statistics

Purpose

Monitor and record traffic that Junos OS permits or denies based on previously configured policies.

Action

To monitor traffic, enable the count and log options.

Count—Configurable in an individual policy. If count is enabled, counters are collected for the number of packets, bytes, and sessions that enter the firewall for a given policy. For counts (only for packets and bytes), you can specify that alarms be generated whenever the traffic exceeds specified thresholds.

Log—Logging can be enabled in a security policy at the session initialization (session-init) stage, the session close (session-close) stage, or both.

Note: Session logging is performed in real time in the flow code, which impacts user performance. If both session-close and session-init are enabled, performance is degraded further than when only session-init is enabled.

For details about information collected for session logs, see Information Provided in Session Log Entries for SRX Series Services Gateways.
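The following configuration is an added example, not part of the original Juniper text. It enables the count and log options described above on one permit policy and one deny policy. The zone names (trust, untrust) and policy names (allow-web, deny-rest) are hypothetical.

```junos
# Configuration mode. Zone and policy names are hypothetical.

# Permit policy: collect packet, byte, and session counters, and log
# when the session closes.
set security policies from-zone trust to-zone untrust policy allow-web match source-address any
set security policies from-zone trust to-zone untrust policy allow-web match destination-address any
set security policies from-zone trust to-zone untrust policy allow-web match application junos-http
set security policies from-zone trust to-zone untrust policy allow-web then permit
set security policies from-zone trust to-zone untrust policy allow-web then count
set security policies from-zone trust to-zone untrust policy allow-web then log session-close

# Deny policy: denied traffic never establishes a session, so there is
# no session close to log. Log at session-init instead.
set security policies from-zone trust to-zone untrust policy deny-rest match source-address any
set security policies from-zone trust to-zone untrust policy deny-rest match destination-address any
set security policies from-zone trust to-zone untrust policy deny-rest match application any
set security policies from-zone trust to-zone untrust policy deny-rest then deny
set security policies from-zone trust to-zone untrust policy deny-rest then count
set security policies from-zone trust to-zone untrust policy deny-rest then log session-init

commit

# Operational mode: display the counters collected for a policy.
# show security policies policy-name allow-web detail
```

Enabling only one log stage per policy keeps the real-time logging cost lower than enabling both session-init and session-close.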
