Update!
The SRX Session Analyzer has been updated. The links below have been updated to version 1.5. Thanks for all the bug reports, feedback and kind words.
New plugins have been added in 1.5:
There are three plugins currently written. All of them analyze traffic log files, either logs stored locally on the box that have been downloaded, or data stored on a syslog server. Either way, you can analyze three types of log entries. There are multiple filters in place to show you top talkers by source/dest, service, policy, bytes, zones, and how your session was closed.
- Session Create - These logs are created when 'log session init' is configured on the policy. This log entry means a session has been opened.
- Session Close - These logs are created when 'log session close' is configured on the policy. This log entry means a session has been removed from the session table.
- Session Deny - These logs are created when logging is configured on a deny policy and the traffic was dropped.
Juniper sells the STRM box for this, but many customers cannot justify that kind of cost.
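The kind of tally the three plugins describe, as an added Python example that is not the SRX Session Analyzer's own code: it counts session creates per source, repeated denies per flow, close reasons, and bytes per source. The sample lines are constructed, and their field layout (IPv4 flow tuple, service name, then packets(bytes) counters on close entries) is an assumption modeled on SRX RT_FLOW syslog messages.

```python
import re
from collections import Counter

# Constructed sample log lines (not captured from a real device).
SAMPLE = """\
Jan  5 10:00:01 fw1 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.1.1.5/40001->192.0.2.10/443 junos-https 198.51.100.1/2001->192.0.2.10/443 None None 6 allow-web trust untrust 1001
Jan  5 10:00:05 fw1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 10.1.1.5/40001->192.0.2.10/443 junos-https 198.51.100.1/2001->192.0.2.10/443 None None 6 allow-web trust untrust 1001 12(1500) 10(8200) 4
Jan  5 10:00:06 fw1 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.1.1.7/40050->192.0.2.53/53 junos-dns-udp 198.51.100.1/2002->192.0.2.53/53 None None 17 allow-dns trust untrust 1002
Jan  5 10:01:06 fw1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed idle Timeout: 10.1.1.7/40050->192.0.2.53/53 junos-dns-udp 198.51.100.1/2002->192.0.2.53/53 None None 17 allow-dns trust untrust 1002 1(70) 0(0) 60
Jan  5 10:02:00 fw1 RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.1.1.9/40100->203.0.113.7/23 junos-telnet 6(0) deny-all trust untrust
Jan  5 10:02:03 fw1 RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.1.1.9/40101->203.0.113.7/23 junos-telnet 6(0) deny-all trust untrust
Jan  5 10:02:04 fw1 sshd[811]: Accepted publickey for admin
"""

# Assumed layout: tag, optional "<close reason>:", src/sport->dst/dport, service.
EVENT = re.compile(r"RT_FLOW_SESSION_(CREATE|CLOSE|DENY): session \w+(?: ([^:]+):)? "
                   r"([\d.]+)/\d+->([\d.]+)/(\d+) (\S+)")
BYTES = re.compile(r"\b\d+\((\d+)\)")  # packets(bytes) counters


def analyze(lines):
    stats = {name: Counter() for name in
             ("create", "deny", "close_reason", "bytes_by_src", "service")}
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue  # not a session create/close/deny entry
        kind, reason, src, dst, dport, service = m.groups()
        stats["service"][service] += 1
        if kind == "CREATE":
            stats["create"][src] += 1
        elif kind == "DENY":
            # Repeated denies to one destination/port stand out here.
            stats["deny"][(src, dst, dport)] += 1
        else:
            stats["close_reason"][reason] += 1
            # Count bytes on close entries only: on a deny entry the
            # same N(M) shape is protocol(icmp-type), not a byte count.
            total = sum(int(b) for b in BYTES.findall(line[m.end():]))
            stats["bytes_by_src"][src] += total
    return stats


if __name__ == "__main__":
    for name, counter in analyze(SAMPLE.splitlines()).items():
        print(name, counter.most_common(3))
```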