Hello.
Old thread, but I wanted to follow up. Perhaps the security log option doesn't work on branch SRX?
On an SRX210, I created the following, and with the structured-data option, there's a description for each field:
root> show configuration system syslog
file trafficlog {
    any any;
    match RT_SESSION;
    structured-data;
}
Here is syslog BEFORE structured data is enabled:
Apr 29 23:36:35 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.222.1/1024->192.168.1.33/41888 icmp 192.168.222.1/1024->192.168.1.33/41888 None None 1 Trust_to_Untrust Trust Untrust 54 N/A(N/A) fe-0/0/6.0 UNKNOWN UNKNOWN UNKNOWN
Apr 29 23:36:39 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed response received: 192.168.222.1/1024->192.168.1.33/41988 icmp 192.168.222.1/1024->192.168.1.33/41988 None None 1 Trust_to_Untrust Trust Untrust 55 1(128) 0(0) 3 UNKNOWN UNKNOWN N/A(N/A) fe-0/0/6.0 UNKNOWN
Here is syslog AFTER structured data is enabled (I cleaned up some extraneous info):
<14>1 2013-04-30T00:20:20.510Z - RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.36 source-address="192.168.1.33" source-port="43188" destination-address="192.168.222.1" destination-port="1024" service-name="icmp" nat-source-address="192.168.1.33" nat-source-port="43188" nat-destination-address="192.168.222.1" nat-destination-port="1024" src-nat-rule-name="None" dst-nat-rule-name="None" protocol-id="1" policy-name="Untrust_to_Trust" source-zone-name="Untrust" destination-zone-name="Trust" session-id-32="69" username="N/A" roles="N/A" packet-incoming-interface="fe-0/0/7.0" application="UNKNOWN" nested-application="UNKNOWN" encrypted="UNKNOWN"]
<14>1 2013-04-30T00:20:23.860Z - RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="response received" source-address="192.168.1.33" source-port="43188" destination-address="192.168.222.1" destination-port="1024" service-name="icmp" nat-source-address="192.168.1.33" nat-source-port="43188" nat-destination-address="192.168.222.1" nat-destination-port="1024" src-nat-rule-name="None" dst-nat-rule-name="None" protocol-id="1" policy-name="Untrust_to_Trust" source-zone-name="Untrust" destination-zone-name="Trust" session-id-32="69" packets-from-client="1" bytes-from-client="128" packets-from-server="1" bytes-from-server="128" elapsed-time="4" application="UNKNOWN" nested-application="UNKNOWN" username="N/A" roles="N/A" packet-incoming-interface="fe-0/0/7.0" encrypted="UNKNOWN"]
Hope this helps.
Regards,
Sam
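
Added example, not part of the original post: a small Python parser for the structured-data RT_FLOW format shown above, which pairs each RT_FLOW_SESSION_CREATE with its RT_FLOW_SESSION_CLOSE. The function names, the abridged sample lines and the choice of correlation key (session-id-32 plus addresses and ports) are assumptions made for illustration.

```python
import re

# RFC 5424 layout seen in the post: <PRI>1 TIMESTAMP HOST APP PROCID MSGID [SD-ID params]
HEADER = re.compile(
    r'^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) '
    r'(?P<procid>\S+) (?P<msgid>\S+) \[(?P<sd_id>[^\s\]=]+)(?P<params>.*)\]\s*$')
# name="value"; inside a value RFC 5424 escapes '"', '\' and ']' with a backslash
PARAM = re.compile(r' ([^\s="\]]+)="((?:[^"\\]|\\.)*)"')

def parse_rt_flow(line):
    m = HEADER.match(line)
    if not m or m['app'] != 'RT_FLOW':
        return None  # e.g. the unstructured "BEFORE" format
    pri = int(m['pri'])
    fields = {k: re.sub(r'\\(["\\\]])', r'\1', v)
              for k, v in PARAM.findall(m['params'])}
    return {'facility': pri >> 3, 'severity': pri & 7, 'time': m['ts'],
            'event': m['msgid'], 'fields': fields}

def flow_key(f):
    # Assumption: session id plus addresses/ports identifies one flow in a log window
    return tuple(f.get(k) for k in ('session-id-32', 'source-address', 'source-port',
                                    'destination-address', 'destination-port'))

def summarize_sessions(lines):
    """Pair CREATE/CLOSE events; return (closed summaries, still-open events)."""
    still_open, closed = {}, []
    for ev in filter(None, map(parse_rt_flow, lines)):
        f = ev['fields']
        if ev['event'] == 'RT_FLOW_SESSION_CREATE':
            still_open[flow_key(f)] = ev
        elif ev['event'] == 'RT_FLOW_SESSION_CLOSE':
            created = still_open.pop(flow_key(f), None)
            closed.append({'policy': f.get('policy-name'), 'reason': f.get('reason'),
                'opened': created['time'] if created else None, 'closed': ev['time'],
                'bytes': int(f.get('bytes-from-client', 0)) + int(f.get('bytes-from-server', 0)),
                'elapsed': int(f.get('elapsed-time', 0))})
    return closed, still_open

# Constructed sample: the post's two structured lines, abridged to a few fields
SD = ('source-address="192.168.1.33" source-port="43188" destination-address="192.168.222.1" '
      'destination-port="1024" policy-name="Untrust_to_Trust" session-id-32="69"')
SAMPLE = [
    '<14>1 2013-04-30T00:20:20.510Z - RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.36 ' + SD + ']',
    '<14>1 2013-04-30T00:20:23.860Z - RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 '
    'reason="response received" ' + SD + ' bytes-from-client="128" bytes-from-server="128" elapsed-time="4"]',
]

print(summarize_sessions(SAMPLE)[0])
```

A CLOSE whose CREATE was never seen is still reported, with 'opened' set to None, and CREATE events left in the second return value are sessions that had not closed by the end of the input.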