Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
Information Provided in Session Log Entries for SRX Series Services Gateways
Session log entries are tied to policy configuration. Each main session event—create, close, and deny—will create a log entry if the controlling policy has enabled logging.
Different fields are logged for session create, session close, and session deny events as shown in Table 3, Table 4, and Table 5. The same field name under each type indicates that the same information is logged, but each table is a full list of all data recorded for that type of session log.
The following table defines the fields displayed in session log entries.
Table 3: Session Create Log Fields
Field | Description |
|---|---|
source-address | Source IP address of the packet that created the session. |
source-port | Source port of the packet that created the session. |
destination-address | Destination IP address of the packet that created the session. |
destination-port | Destination port of the packet that created the session. |
service-name | Application the packet traversed. (For example, “junos-telnet” for Telnet traffic during the session allowed by a policy that permits native Telnet.) |
nat-source-address | The translated Network Address Translation (NAT) source address if NAT was applied; otherwise, the source address as above. |
nat-source-port | The translated NAT source port if NAT was applied; otherwise, the source port as above. |
nat-destination-address | The translated NAT destination address if NAT was applied; otherwise, the destination address as above. |
nat-destination-port | The translated NAT destination port if NAT was applied; otherwise, the destination port as above. |
src-nat-rule-name | The source NAT rule that was applied to the session (if any). If static NAT is also configured and applied to the session and if source address translation takes place, then this field shows the static NAT rule name.* |
dst-nat-rule-name | The destination NAT rule that was applied to the session (if any). If static NAT is also configured and applied to the session and if destination address translation takes place, then this field shows the static NAT rule name.* |
protocol-id | The protocol ID of the packet that created the session. |
policy-name | The name of the policy that permitted the session creation. |
session-id-32 | The 32–bit session ID. |
* Note that some sessions may have both destination and source NAT applied and the information logged. | |
Table 4: Session Close Log Fields
Field | Description |
|---|---|
reason | The reason the session was closed. |
source-address | Source IP address of the packet that created the session. |
source-port | Source port of the packet that created the session. |
destination-address | Destination IP address of the packet that created the session. |
destination-port | Destination port of the packet that created the session. |
service-name | Application the packet traversed. (For example, “junos-telnet” for Telnet traffic during the session allowed by a policy that permits native Telnet.) |
nat-source-address | The translated NAT source address if NAT was applied; otherwise, the source address as above. |
nat-source-port | The translated NAT source port if NAT was applied; otherwise, the source port as above. |
nat-destination-address | The translated NAT destination address if NAT was applied; otherwise, the destination address as above. |
nat-destination-port | The translated NAT destination port if NAT was applied; otherwise, the destination port as above. |
src-nat-rule-name | The source NAT rule that was applied to the session (if any). If static NAT is also configured and applied to the session and if source address translation takes place, then this field shows the static NAT rule name.* |
dst-nat-rule-name | The destination NAT rule that was applied to the session (if any). If static NAT is also configured and applied to the session and if destination address translation takes place, then this field shows the static NAT rule name.* |
protocol-id | The protocol ID of the packet that created the session. |
policy-name | The name of the policy that permitted the session creation. |
session-id-32 | The 32–bit session ID. |
packets-from-client | The number of packets sent by the client related to this session. |
bytes-from-client | The number of data bytes sent by the client related to this session. |
packets-from-server | The number of packets sent by the server related to this session. |
bytes-from-server | The number of data bytes sent by the server related to this session. |
elapsed-time | The total session elapsed time from permit to close, given in seconds. |
* Note that some sessions may have both destination and source NAT applied and the information logged. | |
Table 5: Session Deny Log Fields
Field | Description |
|---|---|
source-address | Source IP address of the packet that attempted to create the session. |
source-port | Source port of the packet that attempted to create the session. |
destination-address | Destination IP address of the packet that attempted to create the session. |
destination-port | Destination port of the packet that attempted to create the session. |
service-name | Application the packet attempted to traverse. |
protocol-id | The protocol ID of the packet that attempted to create the session. |
icmp-type | The ICMP type if the denied packet was ICMP configured; otherwise, this field will be 0. |
policy-name | The name of the policy that denied the session creation. |
Related Topics
- Junos OS Feature Support Reference for SRX Series and J Series Devices
- Understanding How to Obtain Session Information for SRX Series Services Gateways
- Displaying Global Session Parameters for All SRX Series Services Gateways
- Displaying a Summary of Sessions for SRX Series Services Gateways
- Displaying Session and Flow Information About Sessions for SRX Series Services Gateways
- Displaying Session and Flow Information About a Specific Session for SRX Series Services Gateways
- Clearing Sessions for SRX Series Services Gateways
- Using Filters to Display Session and Flow Information for SRX Series Services Gateways
