10-14-2011 12:51 PM - edited 02-05-2013 01:31 PM
The SRX Session analyzer has been updated. The links below have been updated to version 1.5. Thanks for all the bug reports, feedback and kind words.
New plugins have been added in 1.5.
There are three plugins currently written. All analyze traffic log files (either local on the box that have been downloaded) or data stored on a syslog server. Either way, you can analyze three types of log entries. There are multiple filters in place to show you top talkers by source/dest, service, policy, bytes, zones, and how your session was closed.
1) Session Create - These logs are created when 'log session init' is configured on the policy. This log entry means a session has been opened.
2) Session Close - These logs are created when 'log session close' is configured on the policy. This log entry means a session has been removed from the session table.
3) Session Deny - These are logs when logging is configured on a deny policy and the traffic was dropped.
I wrote these log file plugins because the session analyzer is real time, and there are no SRX specific log analyzers out there for historical analyzing of traffic patterns. Juniper sells the STRM box for this but many customers cannot justify that kind of cost. These plugins are very beta, if you have feedback, a feature request or just want to tell me it sucks, feel free to email me.
#12/08/11 - Version 1.5 - Added the first set of plugins for SRX Session Analyzer. These plugins can analyze traffic log files (syslog or locally logged)
# and give you the ability to parse for top talkers by various data points. Needs additional testing as it's only been tested on 11.2 syslog output.
#12/07/11 - Version 1.3 - Added some basic GUI items, file, edit, plugins and help. Fixed a couple of minor bugs.
#12/02/11 - Version 1.2 - Fixed the "all" option within the drop down menu. Previously this didn't work.
#11/03/11 - Version 1.1 - Minor bug fixes and code clean up. Added protocol lookup (much like port lookups).
#10/14/11 - Version 1.0 - Base version released. It does basic top 10 with filters
So for those that are interested I went ahead and published the source on github. I will still host and create the compiled .exe's for windows versions but for those of you running linux/unix/osx you can now download this directly.
Feel free to take a look at the source and I always welcome input. I still ask that you don't copy/fork the code without permissions but that's something I can't control.
Below is the link for the github project.
After finally finding some free time (a new job or two, and a new kid) I was able to at least sit down and hack out a base version of my SRX Session Analyzer. For those of you who used NSSA (Netscreen Session Analyzer) I wrote it to assist in troubleshooting Juniper firewalls.
Basically this tool will take a look at your current session table and give you a list of top talkers by IP, port, policy, Interface and now by packets and bytes.
It is written completely in python and requires nothing other than what is in the compressed file.
Windows 7 64bit
If you run osx/linux feel free to email me directly and I'll get you a working copy. It just requires that you install python 3.2.
As always this is virus free and requires no internet connection. Source available upon request. Please let me know what you think and if you find a bug let me know. This is the very first release.
Hopefully it helps some people out. Lots of folks have been emailing me requesting it.
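Added example, not part of the original post and not the tool's own source: a minimal Python tally of top talkers across the three log entry types described above (session create, close, deny). The sample lines are constructed, the field layout is an assumed simplification of SRX `RT_FLOW` traffic-log messages that may differ between Junos releases, and the names `parse_line` and `top` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines. The field layout is an assumed simplification of
# SRX RT_FLOW traffic-log messages and may differ between Junos releases.
SAMPLE_LOG = """\
Dec  8 10:00:01 srx RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.0.0.5/51000->192.0.2.10/443 junos-https 10.0.0.5/51000->192.0.2.10/443 None None 6 allow-web trust untrust 1001
Dec  8 10:00:09 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 10.0.0.5/51000->192.0.2.10/443 junos-https 10.0.0.5/51000->192.0.2.10/443 None None 6 allow-web trust untrust 1001 10(1200) 8(5400) 8
Dec  8 10:00:12 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP RST: 10.0.0.7/51001->192.0.2.10/443 junos-https 10.0.0.7/51001->192.0.2.10/443 None None 6 allow-web trust untrust 1002 4(300) 3(200) 2
Dec  8 10:00:15 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.0.0.9/40000->198.51.100.3/23 junos-telnet 6(0) deny-all trust untrust
Dec  8 10:00:16 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.0.0.9/40001->198.51.100.4/23 junos-telnet 6(0) deny-all trust untrust
Dec  8 10:00:17 srx RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.0.0.7/40002->198.51.100.3/22 junos-ssh 6(0) deny-all trust untrust
"""

LINE_RE = re.compile(
    r"RT_FLOW_SESSION_(?P<event>CREATE|CLOSE|DENY): session \w+ "
    r"(?:(?P<reason>[^:]+): )?"            # close reason, only on CLOSE entries
    r"(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"(?P<service>\S+)(?P<rest>.*)"
)
BYTES_RE = re.compile(r"\d+\((\d+)\)")      # packets(bytes) counters

def parse_line(line):
    """Return a dict of fields for one traffic-log line, or None if unparsable."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rest = rec.pop("rest").split()
    # Assumed layout: DENY has one field before the policy name, while
    # CREATE/CLOSE have four (NAT flow, two NAT rule names, protocol).
    offset = 1 if rec["event"] == "DENY" else 4
    if len(rest) < offset + 3:
        return None
    rec["policy"], rec["src_zone"], rec["dst_zone"] = rest[offset:offset + 3]
    # Byte counters are only meaningful on CLOSE entries.
    is_close = rec["event"] == "CLOSE"
    rec["bytes"] = sum(map(int, BYTES_RE.findall(" ".join(rest)))) if is_close else 0
    return rec

def top(log_text, event, key, n=10, weight_bytes=False):
    """Top-n values of `key` for one entry type, by entry count or by bytes."""
    tally = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["event"] == event:
            tally[rec[key]] += rec["bytes"] if weight_bytes else 1
    return tally.most_common(n)
```

For example, `top(SAMPLE_LOG, "DENY", "src")` ranks sources by dropped sessions, and `top(SAMPLE_LOG, "CLOSE", "src", weight_bytes=True)` ranks them by bytes transferred.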
10-17-2011 06:46 AM
I had a couple requests to add screenshots to this thread. Hopefully these help.
Thanks for all the great feedback and comments guys. Automatically pulling via netconf and raw xml processing is on my to do list for sure. Not sure when I'll find the time but it's on my roadmap/todo list.
10-18-2011 06:59 AM - edited 10-18-2011 07:12 AM
Have a problem with analyzer.
Did all steps correctly as described in README.TXT, but when I hit analyze button, it shows only the following output:
-SRX Session Analyzer-
-Written By Tim Eberhard-
-SRX Session Ananlyzer Verion 1.1 GUI Beta-
First file I tried, was >5K, taken from my production SRX3K, then I tried with smaller file (taken from SRX240) but result was the same.
Am I missing something?
UPDATE: It was my mistake. When you start the program, you have to manually check filters. As program starts, by default they are checked, but do not work:
Here are screenshots:
10-18-2011 08:24 AM - edited 10-18-2011 08:24 AM
Interesting problem. Looks like the state isn't displaying correctly as it should. On my system it shows up as highlighted but not checked.
Unicast me directly via email. I suspect it's a problem with the specific binary you're running but I'd like to pinpoint it down and test a few things with you if you had time.
Thanks for your help, my apologies for the display bug. This is my first go around with ttk tkinter, I previously used wx.python but wx.python doesn't support python 3.x yet.
10-21-2011 07:52 AM
I'm running 64 bit version for win7, and downloaded appropriate binary of session analyzer.
Python32.dll version is: 3.2.2
If you need any more details, please let me know. Willing to test your software.