Visitor
Ethan
Posts: 2
Registered: 09-20-2009

Logging capabilities of SRX

We are considering acquiring an SRX for our business as a firewall and WAN gateway. It is difficult to figure out all the capabilities of the device, because the documentation is for a complete OS (I am very new to JunOS). The only point on which I'm not sure is the logging.


I would need a log of all sessions going through the WAN: [src, dest, port, protocol, bytes_transferred, resolved_name] that I would send to an external syslog, or ideally access from a web application that can sum/group/filter the results.


Is it possible to configure the SRX so that it provides such an extensive access log for a WAN interface?

Is there a way to have such a log with a predefined time granularity that automatically sums the byte count?


Some example usage:

- Knowing how much data was transferred to/from a specific FTP address during the week

- Making a graph of the most accessed web sites

- A graph of the hosts that transferred the most data to/from the WAN

- Effectively troubleshoot where/how we are consuming our bandwidth


Thanks

Trusted Contributor
motd
Posts: 22
Registered: 12-16-2008

Re: Logging capabilities of SRX

Session logs can be sent to a syslog server; the format is available here: http://www.juniper.net/techpubs/en_US/junos9.6/information-products/topic-collections/syslog-messages/jd0e38238.html#jd0e38238


RT_FLOW_SESSION_CREATE is logged at the beginning of a session and thus does not contain any traffic information; RT_FLOW_SESSION_CLOSE is sent at the end of the session and contains information such as how many bytes were sent/received.


This information can be used to analyse historical data, but as log entries are only created after the session ends, it's not really useful for real-time monitoring.

If you want to see which web sites are visited most, bear in mind that you will see IP addresses and not the hostnames and there may be many addresses that are used by one website or the other way around.
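As an added illustration (not from either poster and not Juniper's own tooling) of turning the session-close records described above into the per-host, per-time-bucket byte totals the asker wants: the sample syslog lines are constructed, approximating the structured-data key="value" form of RT_FLOW_SESSION_CREATE/CLOSE, and the field names (bytes-from-client, bytes-from-server, etc.) are assumed. CREATE lines are skipped because they carry no byte counts.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not real SRX output); field names are assumed.
SAMPLE_LOG = """\
<14>1 2009-09-20T10:00:01Z srx RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="TCP FIN" source-address="192.168.1.10" source-port="51000" destination-address="203.0.113.5" destination-port="80" service-name="junos-http" protocol-id="6" policy-name="allow-out" source-zone-name="trust" destination-zone-name="untrust" session-id-32="1001" packets-from-client="10" bytes-from-client="1500" packets-from-server="12" bytes-from-server="24000" elapsed-time="3"]
<14>1 2009-09-20T10:00:05Z srx RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="TCP FIN" source-address="192.168.1.11" source-port="51001" destination-address="203.0.113.5" destination-port="80" service-name="junos-http" protocol-id="6" policy-name="allow-out" source-zone-name="trust" destination-zone-name="untrust" session-id-32="1002" packets-from-client="5" bytes-from-client="700" packets-from-server="6" bytes-from-server="9000" elapsed-time="1"]
<14>1 2009-09-20T10:00:09Z srx RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.26 source-address="192.168.1.10" source-port="51002" destination-address="198.51.100.7" destination-port="21" service-name="junos-ftp" protocol-id="6" policy-name="allow-out" source-zone-name="trust" destination-zone-name="untrust" session-id-32="1003"]
<14>1 2009-09-20T10:01:30Z srx RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.36 reason="TCP FIN" source-address="192.168.1.10" source-port="51002" destination-address="198.51.100.7" destination-port="21" service-name="junos-ftp" protocol-id="6" policy-name="allow-out" source-zone-name="trust" destination-zone-name="untrust" session-id-32="1003" packets-from-client="40" bytes-from-client="4000" packets-from-server="300" bytes-from-server="400000" elapsed-time="80"]
"""

KV_RE = re.compile(r'([\w-]+)="([^"]*)"')  # generic key="value" extractor


def parse_session_close(line):
    """Return the fields of one RT_FLOW_SESSION_CLOSE line as a dict.
    Returns None for other messages: SESSION_CREATE has no byte counts."""
    if "RT_FLOW_SESSION_CLOSE" not in line:
        return None
    f = dict(KV_RE.findall(line))
    ts = datetime.strptime(line.split()[1], "%Y-%m-%dT%H:%M:%SZ")  # RFC 5424 stamp
    return {
        "time": ts,
        "src": f["source-address"],
        "dst": f["destination-address"],
        "dport": int(f["destination-port"]),
        "proto": f["protocol-id"],
        "bytes": int(f["bytes-from-client"]) + int(f["bytes-from-server"]),
    }


def bytes_by(log_text, key="src", minutes=1):
    """Sum session bytes per host ('src' or 'dst') per time bucket of
    `minutes` granularity. Returns {(bucket_str, host): total_bytes}."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        s = parse_session_close(line)
        if s is None:
            continue
        t = s["time"]
        bucket = t.replace(second=0, minute=(t.minute // minutes) * minutes)
        totals[(bucket.strftime("%Y-%m-%dT%H:%M"), s[key])] += s["bytes"]
    return dict(totals)


def top_hosts(log_text, key="dst", n=5):
    """Hosts ranked by total bytes over the whole log: the 'most accessed
    sites' view, by IP address rather than hostname as the answer notes."""
    totals = defaultdict(int)
    for (_, host), b in bytes_by(log_text, key, minutes=60).items():
        totals[host] += b
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]
```

Bytes are attributed to the bucket in which the session closed, so a long-lived transfer lands entirely in its final interval rather than being spread over its lifetime.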