About the Session Page

To access this page, click Monitor > Logs > Session.

You can use the Session page to view the details of the traffic logs that are generated by managed devices.

You can view the traffic logs that were generated in the past 24 hours. These traffic logs are used to debug certain events such as creation of sessions, deletion of sessions, and update of sessions. You can also view the traffic logs for firewall and other security deployments.

The following examples indicate the types of logs that the Session page displays:

  • RT_FLOW_SESSION_CREATE/CLOSE

  • APPTRACK_SESSION_CREATE/CLOSE and other APPTRACK volume update events

Note:

You must enable policy logging to view the traffic log data, and application tracking at the zone level to view APPTRACK logs.

Tasks You Can Perform

You can perform the following tasks from this page:

  • View a graphical representation of traffic logs for a specified time range in the Time Range widget.

    The X-axis represents the defined time, while the Y-axis represents the number of traffic logs.

    Use the slider to decrease or increase the time range of the traffic logs. You can also select from predefined time ranges such as 5m, 10m, 20m, 30m, 1h, 2h, 4h, 8h, 16h, 24h, or Custom.

    If you select Custom, you must specify the dates and time range in MM/DD/YYYY and HH:MM:SS 24-hour or AM/PM formats to display the traffic logs for a specific period.

  • View information related to traffic logs. See Table 1.

  • View similar traffic logs. Select a traffic log, and click Show exact match to view similar logs.

  • Group the traffic logs based on the options available in the Group by field.

    For example, you can group traffic logs based on the destination country and the destination IP address.

  • Show or hide the columns displayed on the page—Click the Show Hide Columns icon at the top-right corner of the page, and select the columns to display in the grid.

Table 1 provides information related to traffic logs.

Table 1: Columns on the Session Page

| Fields | Description |
|---|---|
| Time | The time when the traffic log was generated. |
| Generated by | The user who generates the log. |
| Event Name | The event name of the traffic log. |
| User Name | The username. |
| Source Country | The name of the country from where the event originated. |
| Source IP | The source IPv4 or IPv6 address from where the event occurred. |
| Destination Country | The destination country name from where the event occurred. |
| Destination IP | The destination IPv4 or IPv6 address of the event. |
| URL | The accessed URL name that triggered the traffic log. |
| Category | The event category of the traffic log, such as firewall or apptrack. |
| Application | The name of the application associated with the traffic that triggered the event. |
| Nested Application | The name of the Layer 7 application. |
| Received Time | The time when the traffic log was received by Juniper Security Director Cloud. |
| Policy Name | The policy name in the log. |
| Source Port | The source port of the event. |
| Destination Port | The destination port of the event. |
| Description | The description of the log. |
| Threat Severity | The threat severity of the event. |
| Name | The name of the event. |
| Client Hostname | The hostname of the client associated with the traffic that triggered the event. For example, if a specific computer is infected, the name of that computer is displayed. |
| Event Category | The event category of the traffic log, such as firewall or apptrack. |
| Argument | The type of the traffic, such as FTP and HTTP. |
| Service Name | The name of the Layer 4 service used for the traffic that triggered the event, such as FTP, HTTP, SSH, and so on. |
| Source Zone | The source zone of the site. |
| Destination zone | The destination zone of the site. |
| Protocol ID | The protocol ID of the traffic that triggered the event. |
| Roles | The role names associated with the event. |
| Reason | The reason for the log generation, such as unrestricted access. |
| NAT Source Port | The source port of traffic after NAT traversal. |
| NAT Destination Port | The destination port of traffic after NAT traversal. |
| NAT Source Rule Name | The source NAT rule name. |
| NAT Destination Rule Name | The destination NAT rule name. |
| NAT Source IP | The source IP address after IP address translation. |
| NAT Destination IP | The destination IP address after IP address translation. |
| Traffic Session ID | The session ID mapped by the site to an event. |
| Path Name | The pathname of the log. |
| Logical System Name | The logical system name. |
| Rule Name | The rule name. |
| Profile Name | The name of the event profile that triggered the log. |
| Malware Info | The information about the malware causing the event. |
| Source VRF Group Name | The source VRF group name that generated the event. |
| Destination VRF Group Name | The destination VRF group name that generated the event. |