You can use the "match" command in your syslog definition. So something like this:
set system syslog file policy-log user info [Will capture policy session info (create, close, deny)]
set system syslog file policy-log match "syntax for matching here" [i.e. match on an IP addr or a policy name]
This works just fine. The first line captures all of the session info based on your policy log statement(s) (session-init, session-close). The second filters what is written to the file based on the match criteria.
So you could have one log per policy as an example.
Don't have direct access to an SRX right now so I can't give you examples of the match syntax but it is pretty straightforward.
Additionally, here are some other debugging options.
set security flow traceoptions file DebugTraffic
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter MatchTraffic source-prefix x.x.x.x/32 destination-prefix y.y.y.y/32
set security flow traceoptions packet-filter MatchTrafficReverse source-prefix y.y.y.y/32 destination-prefix x.x.x.x/32
set security policies traceoptions file PolicyLookup
set security policies traceoptions file match <match_condition>
set security policies traceoptions flag lookup
set security policies traceoptions flag rules
set security policies traceoptions flag configuration
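As an added example (not part of the original post and not Juniper code), this Python script checks candidate match expressions against sample log lines before they go on the device, showing how a loose pattern pulls another policy's or host's sessions into the file. It assumes the match string behaves like a regular expression searched against the whole log line, approximated here with Python's `re`; the log lines are constructed and simplified, and the file names, policy names and addresses are hypothetical.

```python
import re

# Constructed, simplified RT_FLOW lines; the real field layout varies by Junos release.
SAMPLE_LOG = """\
Jan  5 10:00:01 srx1 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.0.2.10/51512->198.51.100.5/443 junos-https allow-web trust untrust
Jan  5 10:00:02 srx1 RT_FLOW: RT_FLOW_SESSION_DENY: session denied 192.0.2.77/40000->198.51.100.5/23 junos-telnet deny-all trust untrust
Jan  5 10:00:09 srx1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 192.0.2.10/51512->198.51.100.5/443 junos-https allow-web trust untrust
Jan  5 10:00:11 srx1 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.0.2.100/51000->198.51.100.5/443 junos-https allow-web-dmz dmz untrust
""".splitlines()

# Hypothetical candidate expressions for "set system syslog file <name> match ...".
CANDIDATES = {
    "deny-log": r"RT_FLOW_SESSION_DENY",       # only denied sessions
    "allow-web-loose": r"allow-web",           # also matches policy allow-web-dmz
    "allow-web-strict": r" allow-web ",        # policy name as a whole field
    "host-loose": r"192.0.2.10",               # unescaped dots, also hits 192.0.2.100
    "host-strict": r"192\.0\.2\.10/",          # escaped dots, anchored on the port slash
}


def lines_written(pattern, lines=SAMPLE_LOG):
    """Return the lines a file with this match expression would keep."""
    rx = re.compile(pattern)
    return [line for line in lines if rx.search(line)]


def report():
    """Map each candidate name to the number of sample lines it keeps."""
    return {name: len(lines_written(p)) for name, p in CANDIDATES.items()}


if __name__ == "__main__":
    for name, pattern in CANDIDATES.items():
        kept = lines_written(pattern)
        print(f"{name:18} {pattern!r:22} keeps {len(kept)} of {len(SAMPLE_LOG)}")
        for line in kept:
            print("    " + line[:100])
```
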