I have a policy from trust to untrust on any application to permit, count, log start log close.
I'm sending this traffic to a syslog server and everything is captured and fine.
What I would like to do is send the logs with the destination FQDN, if that is possible?
Sample log with just IP prefix that I'm currently capturing.
May 11 21:50:00 gateway RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.226.3/56948->172.217.8.100/80 junos-http 10.0.0.31/20143->172.217.8.100/80 source-nat-rule None 6 any trust untrust 7857 N/A(N/A) ge-0/0/2.0 UNKNOWN UNKNOWN UNKNOWN
May 11 21:50:01 gateway RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 192.168.226.3/56948->172.217.8.100/80 junos-http 10.0.0.31/20143->172.217.8.100/80 source-nat-rule None 6 any trust untrust 7857 16(918) 14(15316) 2 UNKNOWN UNKNOWN N/A(N/A) ge-0/0/2.0 UNKNOWN
Sample log with the desired FQDN that I would like to capture.
May 11 21:50:00 gateway RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.226.3/56948->mia07s48-in-f4.1e100.net/80 junos-http 10.0.0.31/20143->mia07s48-in-f4.1e100.net/80 source-nat-rule None 6 any trust untrust 7857 N/A(N/A) ge-0/0/2.0 UNKNOWN UNKNOWN UNKNOWN
May 11 21:50:01 gateway RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 192.168.226.3/56948->mia07s48-in-f4.1e100.net/80 junos-http 10.0.0.31/20143->mia07s48-in-f4.1e100.net/80 source-nat-rule None 6 any trust untrust 7857 16(918) 14(15316) 2 UNKNOWN UNKNOWN N/A(N/A) ge-0/0/2.0 UNKNOWN
thanks,
Juan
------------------------------
JUAN RUIZ
------------------------------
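
The rewrite asked for above, done on the syslog server side, as an added example that is not part of the original post and is not Junos configuration. It assumes reverse DNS (PTR) lookup at the collector; `enrich`, `ptr_lookup`, `SAMPLE_PTR` and the injected resolver are hypothetical names, and the PTR table is constructed so the block runs offline.

```python
import re
import socket
from functools import lru_cache

# Destination half of each flow tuple in an RT_FLOW record: "->ip/port".
DST = re.compile(r"->(\d{1,3}(?:\.\d{1,3}){3})/(\d+)")
# PTR data comes from whoever controls the address block, so accept only
# plain hostname characters before writing the name into a log line.
SAFE_NAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9._-]{0,252})")


@lru_cache(maxsize=4096)
def ptr_lookup(ip):
    """Reverse-resolve ip; return None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def enrich(line, resolve=ptr_lookup):
    """Replace destination IPs in an RT_FLOW session line with PTR names.

    Source addresses are untouched. A destination with no PTR record, or
    with a name that fails SAFE_NAME, keeps its IP address.
    """
    if "RT_FLOW_SESSION_" not in line:
        return line

    def swap(match):
        ip, port = match.group(1), match.group(2)
        name = resolve(ip)
        if not name or not SAFE_NAME.fullmatch(name):
            name = ip
        return f"->{name}/{port}"

    return DST.sub(swap, line)


# Constructed PTR table standing in for live DNS.
SAMPLE_PTR = {"172.217.8.100": "mia07s48-in-f4.1e100.net"}
# The RT_FLOW_SESSION_CREATE sample line from the post.
SAMPLE = ("May 11 21:50:00 gateway RT_FLOW: RT_FLOW_SESSION_CREATE: session created "
          "192.168.226.3/56948->172.217.8.100/80 junos-http "
          "10.0.0.31/20143->172.217.8.100/80 source-nat-rule None 6 any trust "
          "untrust 7857 N/A(N/A) ge-0/0/2.0 UNKNOWN UNKNOWN UNKNOWN")

if __name__ == "__main__":
    print(enrich(SAMPLE, SAMPLE_PTR.get))
```

PTR names can be missing or can change over time, so the collector should store the original line with the IP address as well as the enriched one.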