Monitor Session

You are here: Monitor > Logs > Session.

Use the monitoring functionality to view the firewall events or sessions that occurred during the time period specified.

Note:
  • The Session page is available on all SRX Series Firewalls except the SRX5000 line of devices.

  • To view the data on the Session page, ensure that security logging is enabled. If not, go to Device Administration > Basic Settings > Security Logging and enable Stream mode Logging and On-box reporting.

Table 1 describes the fields on the Session page.

Table 1: Fields on the Session Page

Field

Description

Last

Select the time from the list to view the activity that you are most interested in. Once you select the time, all the data presented in your view refreshes automatically.

You can also use Customize to set a custom date and click Apply to view the specified session logs.

More

  • View PCAP Counters—View packet capture (PCAP) counter statistics for unknown application traffic. Click Clear Counters to reset all packet capture counter values for unknown application traffic to zero.

  • Delete PCAP Files—Select this option to permanently delete all the available PCAP files on your device.

Refresh

Click the refresh icon to get the latest session information.

Show Hide Columns

Three vertical dots represent this icon.

Enables you to show or hide a column in the grid.

Export to CSV

You can export the session data to a comma-separated value (.csv) file.

Select the three vertical dots on the right side of the page and then click Export to CSV. The CSV file is downloaded to your local machine. You can download data for a maximum of 100 sessions.

Filter Criteria

Use the filter text box present above the table grid. The search includes the logical operators as part of the filter string. In the filter text box, when you hover over the icon, it displays an example filter condition. When you start entering the search string, the icon indicates whether the filter string is valid or not.

The following filters are available:

  • Source IP

  • Destination IP

  • Session ID

  • Log type

  • User

  • Application

  • Source Zone

  • Destination Zone

  • Source Country

  • Destination Country

  • Source Port

  • Destination Port

  • Protocol

X

Click X to clear your search filter.

Save Filter

Click Save Filter to save filters after you specify the filtering criteria.

To save a filter:

  1. Enter the filter criteria you are looking for in the advanced search box.

  2. Click Save Filter.

  3. Enter a name for the filter and click the tick icon to save it.

Load Filter

Displays the saved filters list.

Hover over the saved filter name to view the query expression. You can delete the saved filter using the delete icon.

View Details

When you hover over the PCAP file, a Detailed View icon appears before the PCAP file. Click the icon to view the log details on the Detailed Log View page.

Click the download icon on the Detailed Log View page to download the packet capture file of unknown application traffic. The session ID available in the file name identifies the PCAP file.

Note:

If the files are not available, the download fails and you will receive an error message.

PCAP

Click the download icon to download the packet capture (PCAP) file of unknown application traffic. The download icon appears only if a packet is captured for the session log type close.

The session ID available in the file name identifies the PCAP file.

Note:

If the files are not available, the download fails and you will receive an error message.

Time

Displays the time when the log was received.

Log Type

Displays the log type.

Source Zone

Displays the source zone of the session.

Source IP

Displays the source IP address from which the session originated.

User

Displays the name of the user for whom the session log is generated.

Destination Zone

Displays the destination zone of the session.

Destination IP

Displays the destination IP address of the session.

Destination Port

Displays the destination port of the session.

Application

Displays the application name from which the session logs are generated.

Action

Displays the action taken for the event: warning, allow, and block.

Policy

Displays the destination country of the log.

Bandwidth

Displays the bandwidth utilization for the session.

NAT Source IP

Displays the translated (or natted) source IP address. It can contain an IPv4 or an IPv6 address.

NAT Source Port

Displays the translated source port.

NAT Destination IP

Displays the translated (also called natted) destination IP address.

NAT Destination Port

Displays the translated destination port.

Protocol ID

Displays the protocol ID in the log.

Session ID

Displays the traffic session ID of the log.

Interface

Displays the interface of the session.

Closure Reason

Displays the reason for the log generation. For example, a connection teardown may have an associated reason such as authentication failed.

Packets From Client

Displays the number of packets received from the client.

Bytes From Client

Displays the number of bytes received from the client.

Packets From Server

Displays the number of packets received from the server.

Bytes From Server

Displays the number of bytes received from the server.

Elapsed Time

Displays the time elapsed since the last time interval began.

Source Port

Displays the port number of the source.
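As an added example (not part of the Juniper documentation), the following Python sketch triages a file produced by Export to CSV: it totals bytes per source IP, counts blocked sessions, and lists the session IDs of unknown-application sessions, which are the IDs that identify the matching PCAP files. It assumes the CSV header names match the Table 1 field names and that unknown traffic appears as UNKNOWN in the Application column; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Header names are assumed to match the Table 1
# field names; the log type, application and action values are illustrative.
SAMPLE_CSV = """Time,Log Type,Source IP,Destination IP,Destination Port,Application,Action,Session ID,Bytes From Client,Bytes From Server
2024-01-01 10:00:01,close,10.0.0.5,198.51.100.7,443,SSL,allow,1001,1200,5400
2024-01-01 10:00:02,close,10.0.0.5,203.0.113.9,8443,UNKNOWN,allow,1002,900000,1500
2024-01-01 10:00:03,deny,10.0.0.8,203.0.113.9,23,TELNET,block,1003,60,0
2024-01-01 10:00:04,close,10.0.0.5,203.0.113.9,8443,UNKNOWN,allow,1004,700000,1100
2024-01-01 10:00:05,deny,10.0.0.8,203.0.113.9,22,SSH,block,1005,60,0
"""

def to_int(value):
    """Exported cells may be empty or missing; treat those as 0."""
    try:
        return int(value.strip())
    except (AttributeError, ValueError):
        return 0

def triage(csv_text, unknown_label="UNKNOWN"):
    """Summarize an exported session CSV per source IP."""
    stats = defaultdict(lambda: {"blocked": 0, "unknown_sessions": [],
                                 "bytes_out": 0, "bytes_in": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        src = (row.get("Source IP") or "").strip()
        if not src:
            continue  # skip rows without a source address
        entry = stats[src]
        entry["bytes_out"] += to_int(row.get("Bytes From Client"))
        entry["bytes_in"] += to_int(row.get("Bytes From Server"))
        if (row.get("Action") or "").strip().lower() == "block":
            entry["blocked"] += 1
        if (row.get("Application") or "").strip().upper() == unknown_label:
            # The session ID is what identifies the PCAP file to download.
            entry["unknown_sessions"].append((row.get("Session ID") or "").strip())
    return dict(stats)

def upload_heavy(stats, ratio=10, min_bytes=100_000):
    """Sources that sent at least min_bytes and ratio times what they received."""
    return sorted(ip for ip, s in stats.items()
                  if s["bytes_out"] >= min_bytes
                  and s["bytes_out"] >= ratio * max(s["bytes_in"], 1))

if __name__ == "__main__":
    summary = triage(SAMPLE_CSV)
    for ip in upload_heavy(summary):
        print(ip, summary[ip])
```

Because an export holds at most 100 sessions, narrow the view with the filter box before exporting so the file covers the sessions under review.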