Update!
The SRX Session Analyzer has been updated. The links below have been updated to version 1.5. Thanks for all the bug reports, feedback and kind words.
New plugins have been added in 1.5:
There are three plugins currently written. All analyze traffic log files (either files logged locally on the box that have been downloaded, or data stored on a syslog server). Either way, you can analyze three types of log entries. There are multiple filters in place to show you top talkers by source/dest, service, policy, bytes, zones, and how your session was closed.
1) Session Create - These logs are created when 'log session init' is configured on the policy. This log entry means a session has been opened.
2) Session Close - These logs are created when 'log session close' is configured on the policy. This log entry means a session has been removed from the session table.
3) Session Deny - These logs are created when logging is configured on a deny policy and the traffic was dropped.
I wrote these log file plugins because the session analyzer is real time, and there are no SRX-specific log analyzers out there for historical analysis of traffic patterns. Juniper sells the STRM box for this, but many customers cannot justify that kind of cost. These plugins are very beta. If you have feedback, a feature request or just want to tell me it sucks, feel free to email me.
#Change History:
#12/08/11 - Version 1.5 - Added the first set of plugins for SRX Session Analyzer. These plugins can analyze traffic log files (syslog or locally logged)
# and give you the ability to parse for top talkers by various data points. Needs additional testing as it's only been tested on 11.2 syslog output.
#12/07/11 - Version 1.3 - Added some basic GUI items, file, edit, plugins and help. Fixed a couple of minor bugs.
#12/02/11 - Version 1.2 - Fixed the "all" option within the drop down menu. Previously this didn't work.
#11/03/11 - Version 1.1 - Minor bug fixes and code clean up. Added protocol lookup (much like port lookups).
#10/14/11 - Version 1.0 - Base version released. It does basic top 10 with filters
So for those that are interested, I went ahead and published the source on GitHub. I will still host and create the compiled .exe's for Windows versions, but for those of you running Linux/Unix/OS X you can now download this directly.
Feel free to take a look at the source; I always welcome input. I still ask that you don't copy/fork the code without permission, but that's something I can't control.
Below is the link for the github project.
https://github.com/xmin0s/SRX-Session-Analyzer
-----------------------------------------------------------------------------------------------------------------
Original post:
All,
After finally finding some free time (a new job or two, and a new kid) I was able to at least sit down and hack out a base version of my SRX Session Analyzer. For those of you who used NSSA (Netscreen Session Analyzer), I wrote it to assist in troubleshooting Juniper firewalls.
Basically this tool will take a look at your current session table and give you a list of top talkers by IP, port, policy, interface and now by packets and bytes.
It is written completely in python and requires nothing other than what is in the compressed file.
Windows XP:
performanceclassifieds.net/SRX-Session-Analyzer-winxp-32bit-V1.5.zip
Windows 7 32bit:
performanceclassifieds.net/SRX-Session-Analyzer-win7-32bit-V1.5.zip
Windows 7 64bit:
performanceclassifieds.net/SRX-Session-Analyzer-win7-64bit-V1.5.zip
If you run OS X/Linux feel free to email me directly and I'll get you a working copy. It just requires that you install Python 3.2.
As always this is virus free and requires no internet connection. Source available upon request. Please let me know what you think and if you find a bug let me know. This is the very first release.
Hopefully it helps some people out. Lots of folks have been emailing me requesting it.
Thanks,
-Tim Eberhard
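
The kind of top-talker analysis described for the three log types (session create, close and deny), as an added example that is not code from the SRX Session Analyzer project. The sample lines are constructed, and the field layout is an assumption modeled on Junos RT_FLOW syslog messages; field order can differ between Junos releases.

```python
import re
from collections import Counter

# Constructed sample lines; layout is an assumption modeled on Junos RT_FLOW
# syslog messages and may not match every Junos release.
SAMPLE_LOG = """\
Dec  8 10:00:01 srx1 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.1.1.5/40001->192.0.2.10/443 junos-https 198.51.100.1/5001->192.0.2.10/443 None None 6 allow-web trust untrust 101
Dec  8 10:00:02 srx1 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.1.1.5/40002->192.0.2.10/443 junos-https 198.51.100.1/5002->192.0.2.10/443 None None 6 allow-web trust untrust 102
Dec  8 10:00:09 srx1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 10.1.1.5/40001->192.0.2.10/443 junos-https 198.51.100.1/5001->192.0.2.10/443 None None 6 allow-web trust untrust 101 12(1800) 10(9200) 8
Dec  8 10:00:30 srx1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed idle Timeout: 10.1.1.9/53000->192.0.2.53/53 junos-dns-udp 198.51.100.1/5003->192.0.2.53/53 None None 17 allow-dns trust untrust 103 1(70) 0(0) 30
Dec  8 10:00:31 srx1 RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.1.1.7/41000->203.0.113.9/23 junos-telnet 6(0) deny-all trust untrust
Dec  8 10:00:32 srx1 RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.1.1.7/41001->203.0.113.9/23 junos-telnet 6(0) deny-all trust untrust
this line is not a session log entry
"""

# IPv4 only, to keep the example short.
LINE_RE = re.compile(
    r"RT_FLOW_SESSION_(?P<kind>CREATE|CLOSE|DENY): session "
    r"(?:created|denied|closed (?P<reason>[^:]+):) "
    r"(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"(?P<service>\S+) (?P<rest>.+)$"
)

def parse_line(line):
    m = LINE_RE.search(line)
    if not m:
        return None  # unrelated syslog line: skip it rather than guess
    rec = m.groupdict()
    rest = rec.pop("rest").split()
    # CREATE/CLOSE carry three NAT fields before the protocol; DENY does not.
    offset = 0 if rec["kind"] == "DENY" else 3
    if len(rest) < offset + 4:
        return None  # truncated entry
    rec["policy"], rec["from_zone"], rec["to_zone"] = rest[offset + 1:offset + 4]
    rec["bytes"] = 0
    if rec["kind"] == "CLOSE" and len(rest) >= offset + 7:
        # Two packets(bytes) counters, one per direction: sum the byte counts.
        counters = " ".join(rest[offset + 5:offset + 7])
        rec["bytes"] = sum(int(b) for b in re.findall(r"\((\d+)\)", counters))
    return rec

def parse_log(text):
    return [r for r in map(parse_line, text.splitlines()) if r]

# Rank values of `field` for one log type, by entry count or by bytes moved.
def top(records, kind, field, n=10, by_bytes=False):
    counts = Counter()
    for r in (r for r in records if r["kind"] == kind):
        counts[r[field]] += r["bytes"] if by_bytes else 1
    return counts.most_common(n)
```

For example, `top(parse_log(SAMPLE_LOG), "DENY", "policy")` ranks the deny policies that dropped the most traffic, and `field="reason"` with `kind="CLOSE"` shows how sessions were closed.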