profile (security)
Syntax
profile name {
category {
aamw {
field-extra-name name;
field-namename;
}
antispam {
field-extra-name name;
field-namename;
}
antivirus {
field-extra-name name;
field-namename;
}
apptrack {
field-extra-name name;
field-namename;
}
content-filter {
field-extra-name name;
field-namename;
}
idp {
field-extra-name name;
field-namename;
}
secintel {
field-extra-name name;
field-namename;
}
session {
field-extra-name name;
field-namename;
}
ssl-proxy {
field-extra-name name;
field-namename;
}
webfilter {
field-extra-name name;
field-namename;
}
}
stream-name name;
template (sd-wan | traditional-firewall | unified-ngfw);
}Hierarchy Level
[edit security log]
Description
Configure the security log profile to define the policy related log format including fields selection and fields order for the log. You can apply the log profile to a policy to get the log in a predefined format. Configure the stream and the log server to send the logs to the destination before configuring the profile. You can specify the log profile only for the policy related logs. After configuring the policy category, configure the field-name from the options that are available for the policy log per category. After you have selected the field name, select the field-extra name from the available options. You can apply the profile on the policy related logs mentioned in the Table 1.
| Category | Policy related logs |
|---|---|
| SESSION |
RT_FLOW_SESSION_CREATE RT_FLOW_SESSION_CLOSE RT_FLOW_SESSION_DENY RT_FLOW_SESSION_UPDATE |
| WEBFILTER |
WEBFILTER_URL_BLOCKED WEBFILTER_URL_PERMITTED WEBFILTER_URL_REDIRECTED |
| ANTIVIRUS | AV_VIRUS_DETECTED_MT |
| CONTENT-FILTER | CONTENT_FILTERING_BLOCKED_MT |
| ANTISPAM | ANTISPAM_SPAM_DETECTED_MT |
| IDP | IDP_ATTACK_LOG_EVENT |
| SECINTEL | SECINTEL_ACTION_LOG |
| AAMW |
AAMW_ACTION_LOG AAMW_IMAP_ACTION AAMW_SMTP_ACTION |
| SSL-PROXY |
SSL_PROXY_SSL_SESSION_DROP SSL_PROXY_SSL_SESSION_ALLOW |
| APPTRACK |
APPTRACK_SESSION_VOL_UPDATE APPTRACK_SESSION_CREATE APPTRACK_SESSION_CLOSE |
Default
Options
| category |
Selects the category of events for the profile |
| stream-name |
Specify the destination to send the log. One log profile can point to multiple streams. Different log profiles can point to the same stream. You need to configure the stream mode for the logging before configuring stream-name. |
| template |
Select the template from the available options for the profile to get the log in a predefined format. You can apply the profile template on the policy related logs and categories mentioned in the Table 2. |
| TEMPLATES | CATEGORIES | FIELDS |
|---|---|---|
| traditional-firewall | SESSION |
reason source-address source-port destination-address destination-port service-name nat-source-address nat-source-port nat-destination-address nat-destination-port protocol-id policy-name source-zone-name destination-zone-name session-id-32 packets-from-client bytes-from-client packets-from-server bytes-from-server elapsed-time username packet-incoming-interface flags |
| WEBFILTER | all-fields | |
| ANTIVIRUS | all-fields | |
| CONTENT-FILTER | all-fields | |
| ANTISPAM | all-fields | |
| IDP | all-fields | |
| SECINTEL | all-fields | |
| AAMW | all-fields | |
| SSL-PROXY | all-fields | |
| APPTRACK | all-fields | |
| unified-ngfw | SESSION | session-id |
| reason | ||
| source-address | ||
| source-port | ||
| destination-address | ||
| destination-port | ||
| nat-source-address | ||
| nat-source-port | ||
| nat-destination-address | ||
| nat-destination-port | ||
| protocol-id | ||
| policy-name | ||
| source-zone-name | ||
| destination-zone-name | ||
| packets-from-client | ||
| bytes-from-client | ||
| packets-from-server | ||
| bytes-from-server | ||
| elapsed-time | ||
| application | ||
| nested-application | ||
| username | ||
| packet-incoming-interface | ||
| application-category | ||
| application-sub-category | ||
| application-risk | ||
| flags | ||
| WEBFILTER | session-id | |
| category | ||
| reason | ||
| profile | ||
| url | ||
| username | ||
| urlcategory-risk | ||
| ANTIVIRUS | Session-id | |
| profile-name | ||
| filename | ||
| temporary-filename | ||
| name | ||
| url | ||
| username | ||
| action | ||
| CONTENT-FILTER | Session-id | |
| argument | ||
| profile-name | ||
| action | ||
| reason | ||
| username | ||
| filename | ||
| ANTISPAM | Session-id | |
| profile-name | ||
| action | ||
| reason | ||
| username | ||
| IDP | Session-id | |
| Message-type | ||
| rule-name | ||
| rulebase-name | ||
| policy-name | ||
| export-id | ||
| repeat-count | ||
| action | ||
| threat-severity | ||
| attack-name | ||
| packet-log-id | ||
| alert | ||
| username | ||
| xff-header | ||
| message | ||
| SECINTEL | Session-id | |
| Category | ||
| sub-category | ||
| action | ||
| action-detail | ||
| http-host | ||
| threat-severity | ||
| feed-name | ||
| policy-name | ||
| profile-name | ||
| username | ||
|
AAMW AAMW_ACTION_LOG |
session-id | |
| Hostname | ||
| file-category | ||
| verdict-number | ||
| malware-info | ||
| action | ||
| list-hit | ||
| file-hash-lookup | ||
| policy-name | ||
| username | ||
| url | ||
| SSL-PROXY | session-id | |
| profile-name | ||
| message | ||
| username | ||
|
APPTRACK APPTRACK_SESSION_CLOSE |
session-id | |
| application | ||
| nested-application | ||
| username | ||
| profile-name | ||
| rule-name | ||
| routing-instance | ||
| destination-interface-name | ||
| uplink-incoming-interfacename | ||
| uplink-tx-bytes | ||
| uplink-rx-bytes | ||
| apbr-policy-name | ||
| amr-rule-name | ||
| sd-wan | SESSION | session-id |
| reason | ||
| source-address | ||
| source-port | ||
| destination-address | ||
| destination-port | ||
| nat-source-address | ||
| nat-source-port | ||
| nat-destination-address | ||
| nat-destination-port | ||
| protocol-id | ||
| policy-name | ||
| source-zone-name | ||
| destination-zone-name | ||
| packets-from-client | ||
| bytes-from-client | ||
| packets-from-server | ||
| bytes-from-server | ||
| elapsed-time | ||
| application | ||
| nested-application | ||
| username | ||
| packet-incoming-interface | ||
| application-category | ||
| application-sub-category | ||
| application-risk | ||
| flags | ||
| WEBFILTER | session-id | |
| category | ||
| reason | ||
| profile | ||
| url | ||
| username | ||
| urlcategory-risk | ||
| ANTIVIRUS |
Session-id [this does not exist today – needs to be added] |
|
| profile-name | ||
| filename | ||
| temporary-filename | ||
| name | ||
| url | ||
| username | ||
|
action [ this does not exist today either] |
||
| CONTENT-FILTER |
Session-id [this does not exist today] |
|
| argument | ||
| profile-name | ||
| action | ||
| reason | ||
| username | ||
| filename | ||
| ANTISPAM |
Session-id [this does not exist today] |
|
| profile-name | ||
| action | ||
| reason | ||
| username | ||
| IDP |
Session-id (does not exist today) |
|
| Message-type | ||
| rule-name | ||
| rulebase-name | ||
| policy-name | ||
| export-id | ||
| repeat-count | ||
| action | ||
| threat-severity | ||
| attack-name | ||
| packet-log-id | ||
| alert | ||
| username | ||
| xff-header | ||
| message | ||
| SECINTEL | Session-id | |
| Category | ||
| sub-category | ||
| action | ||
| action-detail | ||
| http-host | ||
| threat-severity | ||
| feed-name | ||
| policy-name | ||
| profile-name | ||
| username | ||
|
AAMW AAMW_ACTION_LOG |
session-id | |
| Hostname | ||
| file-category | ||
| verdict-number | ||
| malware-info | ||
| action | ||
| list-hit | ||
| policy-name | ||
| username | ||
| url | ||
| SSL-PROXY | session-id | |
| profile-name | ||
| message | ||
|
username [this field does not exist today] |
||
|
APPTRACK APPTRACK_SESSION_CLOSE |
source-address | |
| source-port | ||
| destination-address | ||
| destination-port | ||
| service-name | ||
| application | ||
| nested-application | ||
| policy-name | ||
| source-zone-name | ||
| destination-zone-name | ||
| packets-from-client | ||
| bytes-from-client | ||
| packets-from-server | ||
| bytes-from-server | ||
| elapsed-time | ||
| profile-name | ||
| rule-name | ||
| routing-instance | ||
| destination-interface-name | ||
| uplink-incoming-interfacename | ||
| uplink-tx-bytes | ||
| uplink-rx-bytes | ||
| multipath-rule-name | ||
| src-vrf-grp | ||
| dst-vrf-grp | ||
| username | ||
| session-id | ||
| reason |
Required Privilege Level
Release Information
Configuration statement profile is added in Junos OS Release 21.1R1.