Information Provided in Session Log Entries for SRX Series Services Gateways

Session log entries are tied to policy configuration. Each main session event—create, close, and deny—will create a log entry if the controlling policy has enabled logging.

Different fields are logged for session create, session close, and session deny events as shown in Table 3, Table 4, and Table 5. The same field name under each type indicates that the same information is logged, but each table is a full list of all data recorded for that type of session log.

The following tables define the fields displayed in session log entries.

Table 3: Session Create Log Fields

| Field | Description |
|---|---|
| source-address | Source IP address of the packet that created the session. |
| source-port | Source port of the packet that created the session. |
| destination-address | Destination IP address of the packet that created the session. |
| destination-port | Destination port of the packet that created the session. |
| service-name | Application the packet traversed. (For example, “junos-telnet” for Telnet traffic during the session allowed by a policy that permits native Telnet.) |
| nat-source-address | The translated Network Address Translation (NAT) source address if NAT was applied; otherwise, the source address as above. |
| nat-source-port | The translated NAT source port if NAT was applied; otherwise, the source port as above. |
| nat-destination-address | The translated NAT destination address if NAT was applied; otherwise, the destination address as above. |
| nat-destination-port | The translated NAT destination port if NAT was applied; otherwise, the destination port as above. |
| src-nat-rule-name | The source NAT rule that was applied to the session (if any). If static NAT is also configured and applied to the session and if source address translation takes place, then this field shows the static NAT rule name.* |
| dst-nat-rule-name | The destination NAT rule that was applied to the session (if any). If static NAT is also configured and applied to the session and if destination address translation takes place, then this field shows the static NAT rule name.* |
| protocol-id | The protocol ID of the packet that created the session. |
| policy-name | The name of the policy that permitted the session creation. |
| session-id-32 | The 32-bit session ID. |

* Note that some sessions may have both destination and source NAT applied and the information logged.

Table 4: Session Close Log Fields

| Field | Description |
|---|---|
| reason | The reason the session was closed. |
| source-address | Source IP address of the packet that created the session. |
| source-port | Source port of the packet that created the session. |
| destination-address | Destination IP address of the packet that created the session. |
| destination-port | Destination port of the packet that created the session. |
| service-name | Application the packet traversed. (For example, “junos-telnet” for Telnet traffic during the session allowed by a policy that permits native Telnet.) |
| nat-source-address | The translated NAT source address if NAT was applied; otherwise, the source address as above. |
| nat-source-port | The translated NAT source port if NAT was applied; otherwise, the source port as above. |
| nat-destination-address | The translated NAT destination address if NAT was applied; otherwise, the destination address as above. |
| nat-destination-port | The translated NAT destination port if NAT was applied; otherwise, the destination port as above. |
| src-nat-rule-name | The source NAT rule that was applied to the session (if any). If static NAT is also configured and applied to the session and if source address translation takes place, then this field shows the static NAT rule name.* |
| dst-nat-rule-name | The destination NAT rule that was applied to the session (if any). If static NAT is also configured and applied to the session and if destination address translation takes place, then this field shows the static NAT rule name.* |
| protocol-id | The protocol ID of the packet that created the session. |
| policy-name | The name of the policy that permitted the session creation. |
| session-id-32 | The 32-bit session ID. |
| packets-from-client | The number of packets sent by the client related to this session. |
| bytes-from-client | The number of data bytes sent by the client related to this session. |
| packets-from-server | The number of packets sent by the server related to this session. |
| bytes-from-server | The number of data bytes sent by the server related to this session. |
| elapsed-time | The total session elapsed time from permit to close, given in seconds. |

* Note that some sessions may have both destination and source NAT applied and the information logged.

Table 5: Session Deny Log Fields

| Field | Description |
|---|---|
| source-address | Source IP address of the packet that attempted to create the session. |
| source-port | Source port of the packet that attempted to create the session. |
| destination-address | Destination IP address of the packet that attempted to create the session. |
| destination-port | Destination port of the packet that attempted to create the session. |
| service-name | Application the packet attempted to traverse. |
| protocol-id | The protocol ID of the packet that attempted to create the session. |
| icmp-type | The ICMP type if the denied packet was an ICMP packet; otherwise, this field will be 0. |
| policy-name | The name of the policy that denied the session creation. |
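
The following added example, which is not part of the original documentation, parses session log entries using the field names from Tables 3 through 5, pairs create and close entries by session-id-32, flags NAT by comparing the nat-* fields with the originals, and counts denies per source and policy. The line layout (an RT_FLOW_SESSION_* event tag followed by key="value" pairs) is an assumption, and all sample values are constructed.

```python
import re
from collections import Counter

# Constructed sample entries. Assumed layout: event tag, then key="value"
# pairs using the field names from Tables 3-5.
FLOW = ('source-address="10.1.1.5" source-port="51514" destination-address="203.0.113.10" '
        'destination-port="23" service-name="junos-telnet" nat-source-address="198.51.100.7" '
        'nat-source-port="20311" nat-destination-address="203.0.113.10" '
        'nat-destination-port="23" src-nat-rule-name="snat-out" dst-nat-rule-name="None" '
        'protocol-id="6" policy-name="allow-telnet" ')
DENY = ('RT_FLOW_SESSION_DENY source-address="192.0.2.44" source-port="40000" '
        'destination-address="10.1.1.9" destination-port="22" service-name="junos-ssh" '
        'protocol-id="6" icmp-type="0" policy-name="deny-all"')
SAMPLE = [
    'RT_FLOW_SESSION_CREATE ' + FLOW + 'session-id-32="4121"',
    'RT_FLOW_SESSION_CREATE ' + FLOW + 'session-id-32="4122"',
    'RT_FLOW_SESSION_CLOSE reason="TCP FIN" ' + FLOW + 'session-id-32="4121" '
    'packets-from-client="12" bytes-from-client="840" packets-from-server="10" '
    'bytes-from-server="2260" elapsed-time="31"',
    DENY, DENY]
PAIR = re.compile(r'([\w-]+)="([^"]*)"')
EVENT = re.compile(r'RT_FLOW_SESSION_(CREATE|CLOSE|DENY)\b')

def parse(line):
    """Return the entry's fields plus an 'event' key, or None if not a session log."""
    m = EVENT.search(line)
    if m is None:
        return None
    return {"event": m.group(1).lower(), **dict(PAIR.findall(line[m.end():]))}

def nat_applied(rec):
    """(source, destination) NAT flags: nat-* repeats the original when no NAT ran."""
    return tuple((rec[f"{s}-address"], rec[f"{s}-port"])
                 != (rec[f"nat-{s}-address"], rec[f"nat-{s}-port"])
                 for s in ("source", "destination"))

def summarize(lines):
    """Pair creates with closes by session-id-32; count denies per source and policy."""
    open_sessions, closed, denies = {}, [], Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["event"] == "create":
            open_sessions[rec["session-id-32"]] = rec
        elif rec["event"] == "close":
            open_sessions.pop(rec["session-id-32"], None)
            closed.append((rec["session-id-32"], rec["reason"], int(rec["bytes-from-client"])
                           + int(rec["bytes-from-server"]), int(rec["elapsed-time"]), nat_applied(rec)))
        else:  # deny entries carry no session-id-32 or nat-* fields (Table 5)
            denies[rec["source-address"], rec["policy-name"]] += 1
    return open_sessions, closed, denies
```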
