Understanding WELF Logging for UTM Features
UTM features support the WELF standard. The WELF Reference defines the WebTrends industry standard log file exchange format. Any system logging to this format is compatible with Firewall Suite 2.0 and later, Firewall Reporting Center 1.0 and later, and Security Reporting Center 2.0 and later.
A WELF log file is made up of records. Each record occupies a single line of the file. Records are always in chronological order: the earliest record is the first record in the file, and the most recent record is the last. The WebTrends Enhanced Log Format places no restrictions on log file names or log file rotation policies.
Note: Each WELF record is made up of fields. The record identifier field (id=) must be the first field in a record. All other fields can appear in any order.
The following is a sample WELF record:
id=firewall time="2000-2-4 12:01:01" fw=192.168.0.238 pri=6 rule=3 proto=http src=192.168.0.23 dst=6.1.0.36 rg=www.webtrends.com/index.html op=GET result=0 rcvd=1426
The fields from the example WELF record include the following required elements (all other fields are optional):
- id (Record identifier)
- time (Date/time)
- fw (Firewall IP address or name)
- pri (Priority of the record)
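The rules above (id= first, four required fields, records in chronological order) can be checked before a log is handed to a reporting tool. The following is an added example, not part of the original documentation or of any vendor tool; the function names are hypothetical and the time format is an assumption inferred from the sample record.

```python
import re
from datetime import datetime

# A field is name=value; the value is double-quoted (may hold spaces) or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
REQUIRED = ("id", "time", "fw", "pri")   # required fields listed on this page
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"        # assumption, inferred from the sample record

def parse_welf(line):
    """Return the record's fields as (name, value) pairs in file order."""
    return [(m.group(1), m.group(2) if m.group(2) is not None else m.group(3))
            for m in FIELD_RE.finditer(line.strip())]

def validate_welf(line):
    """Return a list of problems; empty means the record is well formed."""
    fields = parse_welf(line)
    if not fields:
        return ["no name=value fields found"]
    problems = []
    if fields[0][0] != "id":
        problems.append("first field is %s, expected id" % fields[0][0])
    names = {name for name, _ in fields}
    problems += ["missing required field %s" % r for r in REQUIRED if r not in names]
    return problems

def check_records(lines):
    """Validate each record and flag timestamps that go backwards."""
    findings, previous = [], None
    for lineno, line in enumerate(lines, 1):
        findings += [(lineno, p) for p in validate_welf(line)]
        stamp = dict(parse_welf(line)).get("time")
        if stamp is None:
            continue
        try:
            current = datetime.strptime(stamp, TIME_FORMAT)
        except ValueError:
            findings.append((lineno, "unparseable time field"))
            continue
        if previous is not None and current < previous:
            findings.append((lineno, "timestamp earlier than previous record"))
        previous = current
    return findings

# First line is the page's sample record; the rest are constructed for this example.
SAMPLE_LOG = [
    'id=firewall time="2000-2-4 12:01:01" fw=192.168.0.238 pri=6 rule=3 proto=http src=192.168.0.23 dst=6.1.0.36 rg=www.webtrends.com/index.html op=GET result=0 rcvd=1426',
    'fw=192.168.0.238 id=firewall time="2000-2-4 12:01:05" pri=6',
    'id=firewall time="2000-2-4 12:01:09" fw=192.168.0.238',
    'id=firewall time="2000-2-4 11:59:00" fw=192.168.0.238 pri=6',
]

if __name__ == "__main__":
    for lineno, problem in check_records(SAMPLE_LOG):
        print("line %d: %s" % (lineno, problem))
```

A record that fails these checks is worth investigating before it reaches reporting: a missing required field or a timestamp that runs backwards can indicate a misconfigured sender, a merged file, or a log that was edited after the fact.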