
profile (security)

Syntax

Hierarchy Level

Description

Configure a security log profile to define the format of policy-related logs, including which fields are selected and the order in which they appear. You can apply the log profile to a policy to get the log in a predefined format. Before you configure the profile, configure the stream and the log server to send the logs to the destination. You can specify a log profile only for policy-related logs. After you configure the policy category, configure the field-name from the options that are available for the policy log in that category. After you select the field name, select the field-extra name from the available options. You can apply the profile to the policy-related logs listed in Table 1.

Table 1: Policy-related logs, by category, to which you can apply a log profile.
Category Policy related logs
SESSION RT_FLOW_SESSION_CREATE, RT_FLOW_SESSION_CLOSE, RT_FLOW_SESSION_DENY, RT_FLOW_SESSION_UPDATE
WEBFILTER WEBFILTER_URL_BLOCKED, WEBFILTER_URL_PERMITTED, WEBFILTER_URL_REDIRECTED
ANTIVIRUS AV_VIRUS_DETECTED_MT
CONTENT-FILTER CONTENT_FILTERING_BLOCKED_MT
ANTISPAM ANTISPAM_SPAM_DETECTED_MT
IDP IDP_ATTACK_LOG_EVENT
SECINTEL SECINTEL_ACTION_LOG
AAMW AAMW_ACTION_LOG, AAMW_IMAP_ACTION, AAMW_SMTP_ACTION
SSL-PROXY SSL_PROXY_SSL_SESSION_DROP, SSL_PROXY_SSL_SESSION_ALLOW
APPTRACK APPTRACK_SESSION_VOL_UPDATE, APPTRACK_SESSION_CREATE, APPTRACK_SESSION_CLOSE

Default

Options

category

Select the category of events for the profile.

stream-name

Specify the destination to which the log is sent. One log profile can point to multiple streams, and different log profiles can point to the same stream. You must configure the stream mode for logging before you configure stream-name.

template

Select a template from the available options for the profile to get the log in a predefined format. You can apply the profile template to the policy-related logs and categories listed in Table 2.

Table 2: Policy-related log categories and fields to which you can apply log profile templates.
TEMPLATES CATEGORIES FIELDS
traditional-firewall SESSION reason, source-address, source-port, destination-address, destination-port, service-name, nat-source-address, nat-source-port, nat-destination-address, nat-destination-port, protocol-id, policy-name, source-zone-name, destination-zone-name, session-id-32, packets-from-client, bytes-from-client, packets-from-server, bytes-from-server, elapsed-time, username, packet-incoming-interface, flags
traditional-firewall WEBFILTER all-fields
traditional-firewall ANTIVIRUS all-fields
traditional-firewall CONTENT-FILTER all-fields
traditional-firewall ANTISPAM all-fields
traditional-firewall IDP all-fields
traditional-firewall SECINTEL all-fields
traditional-firewall AAMW all-fields
traditional-firewall SSL-PROXY all-fields
traditional-firewall APPTRACK all-fields
unified-ngfw SESSION session-id, reason, source-address, source-port, destination-address, destination-port, nat-source-address, nat-source-port, nat-destination-address, nat-destination-port, protocol-id, policy-name, source-zone-name, destination-zone-name, packets-from-client, bytes-from-client, packets-from-server, bytes-from-server, elapsed-time, application, nested-application, username, packet-incoming-interface, application-category, application-sub-category, application-risk, flags
unified-ngfw WEBFILTER session-id, category, reason, profile, url, username, urlcategory-risk
unified-ngfw ANTIVIRUS Session-id, profile-name, filename, temporary-filename, name, url, username, action
unified-ngfw CONTENT-FILTER Session-id, argument, profile-name, action, reason, username, filename
unified-ngfw ANTISPAM Session-id, profile-name, action, reason, username
unified-ngfw IDP Session-id, Message-type, rule-name, rulebase-name, policy-name, export-id, repeat-count, action, threat-severity, attack-name, packet-log-id, alert, username, xff-header, message
unified-ngfw SECINTEL Session-id, Category, sub-category, action, action-detail, http-host, threat-severity, feed-name, policy-name, profile-name, username
unified-ngfw AAMW (AAMW_ACTION_LOG) session-id, Hostname, file-category, verdict-number, malware-info, action, list-hit, file-hash-lookup, policy-name, username, url
unified-ngfw SSL-PROXY session-id, profile-name, message, username
unified-ngfw APPTRACK (APPTRACK_SESSION_CLOSE) session-id, application, nested-application, username, profile-name, rule-name, routing-instance, destination-interface-name, uplink-incoming-interfacename, uplink-tx-bytes, uplink-rx-bytes, apbr-policy-name, amr-rule-name
sd-wan SESSION session-id, reason, source-address, source-port, destination-address, destination-port, nat-source-address, nat-source-port, nat-destination-address, nat-destination-port, protocol-id, policy-name, source-zone-name, destination-zone-name, packets-from-client, bytes-from-client, packets-from-server, bytes-from-server, elapsed-time, application, nested-application, username, packet-incoming-interface, application-category, application-sub-category, application-risk, flags
sd-wan WEBFILTER session-id, category, reason, profile, url, username, urlcategory-risk
sd-wan ANTIVIRUS Session-id [this does not exist today; needs to be added], profile-name, filename, temporary-filename, name, url, username, action [this does not exist today either]
sd-wan CONTENT-FILTER Session-id [this does not exist today], argument, profile-name, action, reason, username, filename
sd-wan ANTISPAM Session-id [this does not exist today], profile-name, action, reason, username
sd-wan IDP Session-id [does not exist today], Message-type, rule-name, rulebase-name, policy-name, export-id, repeat-count, action, threat-severity, attack-name, packet-log-id, alert, username, xff-header, message
sd-wan SECINTEL Session-id, Category, sub-category, action, action-detail, http-host, threat-severity, feed-name, policy-name, profile-name, username
sd-wan AAMW (AAMW_ACTION_LOG) session-id, Hostname, file-category, verdict-number, malware-info, action, list-hit, policy-name, username, url
sd-wan SSL-PROXY session-id, profile-name, message, username [this field does not exist today]
sd-wan APPTRACK (APPTRACK_SESSION_CLOSE) source-address, source-port, destination-address, destination-port, service-name, application, nested-application, policy-name, source-zone-name, destination-zone-name, packets-from-client, bytes-from-client, packets-from-server, bytes-from-server, elapsed-time, profile-name, rule-name, routing-instance, destination-interface-name, uplink-incoming-interfacename, uplink-tx-bytes, uplink-rx-bytes, multipath-rule-name, src-vrf-grp, dst-vrf-grp, username, session-id, reason
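
A collector-side check for the field selection and field order that a profile template defines, given here as an added example and not as Juniper code: it compares received records with the unified-ngfw WEBFILTER and SSL-PROXY field lists from Table 2. The key="value" record form, the sample records, and the premise that the order listed in the table is the order emitted are assumptions made for illustration.

```python
import re

# Field lists copied from Table 2 (unified-ngfw template). Assumption: the
# order listed in the table is the order in which the fields are emitted.
TEMPLATE_FIELDS = {
    ("unified-ngfw", "WEBFILTER"): [
        "session-id", "category", "reason", "profile", "url",
        "username", "urlcategory-risk",
    ],
    ("unified-ngfw", "SSL-PROXY"): [
        "session-id", "profile-name", "message", "username",
    ],
}

# Assumed record form: space-separated key="value" pairs, backslash escapes.
PAIR_RE = re.compile(r'([A-Za-z0-9_-]+)="((?:[^"\\]|\\.)*)"')


def parse_pairs(record):
    """Return the record's fields as an ordered list of (name, value)."""
    return PAIR_RE.findall(record)


def check_record(template, category, record):
    """Report how one record deviates from the template's field list."""
    expected = TEMPLATE_FIELDS[(template, category)]
    # Names are lower-cased because the table capitalises some of them.
    seen = [name.lower() for name, _ in parse_pairs(record)]
    common_expected = [f for f in expected if f in seen]
    common_seen = [f for f in dict.fromkeys(seen) if f in expected]
    return {
        "missing": [f for f in expected if f not in seen],
        "unexpected": [f for f in seen if f not in expected],
        "duplicate": sorted({f for f in seen if seen.count(f) > 1}),
        "in_order": common_expected == common_seen,
    }


# Constructed sample records (not captured from a device).
GOOD = ('session-id="4312" category="cat-example" reason="reason-example" '
        'profile="wf-profile" url="www.example.com/a b" username="alice" '
        'urlcategory-risk="3"')
DRIFTED = ('session-id="4313" url="www.example.com" category="cat-example" '
           'username="bob \\"admin\\"" source-address="192.0.2.10"')

if __name__ == "__main__":
    print(check_record("unified-ngfw", "WEBFILTER", GOOD))
    print(check_record("unified-ngfw", "WEBFILTER", DRIFTED))
```

A record that reports missing fields or in_order as False usually means the profile applied to the policy no longer matches what the collector's parser expects.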

Required Privilege Level

Release Information

The profile configuration statement was added in Junos OS Release 21.1R1.