Hi,
I'm not aware of a method to restrict the fields for the session create and session close SYSLOG messages. If your SYSLOG server is overextended by the amount of messages per second, you could configure a rate limit.
The rate limit feature was introduced to allow session logs to be redirected to the control plane and stored there in a file. This is important for NSM, which doesn't have a SYSLOG receiver at the moment (but will get one very soon, luckily).
You can enable the rate limit by issuing these commands:
# set security log mode event
# set security log event-rate x
# set security log event-rate ?
Possible completions:
<event-rate> Control plane event rate limit of logs per (0..1500 secs)
Then the ordinary SYSLOG configuration applies to you:
set system syslog file FW-LOGS user info
set system syslog file FW-LOGS match RT_FLOW
set system syslog file FW-LOGS archive size 1m
set system syslog file FW-LOGS archive files 3
set system syslog file FW-LOGS structured-data brief
You could eventually include a more specific regexp in the match clause to restrict the lines a little bit more.
Please be aware that handling session logs is not a good idea in general and can cause high CPU utilization and other negative impacts on your SRX. This is true in particular as you operate the big iron, SRX 5800. So be careful! But it is the only idea I have to reduce the amount of SYSLOG messages per second to unload your SYSLOG server a bit. Again, to my knowledge, there is no option to restrict the columns of the SYSLOG lines.
As your use case makes sense, you could submit a request for feature enhancement to your Juniper sales engineer.
Regards,
Dominik
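The narrower match regexp mentioned in the post can be tried offline before it is committed. The following is an added example, not part of the original post: it assumes simple patterns that behave the same in Python's `re` as in the POSIX extended syntax Junos uses for `match`, and the sample lines and the `evaluate_match` helper are constructed for illustration.

```python
import re
from collections import Counter

# Constructed, simplified sample lines (not captured from a real SRX).
SAMPLE_LINES = [
    'RT_FLOW - RT_FLOW_SESSION_CREATE [source-address="10.0.0.5" destination-address="192.0.2.10"]',
    'RT_FLOW - RT_FLOW_SESSION_CLOSE [reason="TCP FIN" source-address="10.0.0.5" bytes-from-client="4096"]',
    'RT_FLOW - RT_FLOW_SESSION_CREATE [source-address="10.0.0.7" destination-address="192.0.2.20"]',
    'RT_FLOW - RT_FLOW_SESSION_CLOSE [reason="idle Timeout" source-address="10.0.0.7" bytes-from-client="120"]',
    'RT_FLOW - RT_FLOW_SESSION_DENY [source-address="203.0.113.9" destination-address="10.0.0.5"]',
    'sshd - SSHD_LOGIN_FAILED [username="admin" source-address="203.0.113.9"]',
]

# Candidate values for "set system syslog file FW-LOGS match ...".
CANDIDATES = [
    "RT_FLOW",                        # the match clause from the post
    "RT_FLOW_SESSION_(CLOSE|DENY)",   # drop session-create records
    "RT_FLOW_SESSION_CLOSE",          # one record per finished session
]


def message_tag(line):
    """Return the message tag (third field in these simplified lines)."""
    fields = line.split()
    return fields[2] if len(fields) > 2 else "UNKNOWN"


def evaluate_match(pattern, lines):
    """Report how many lines a match pattern keeps, broken down by tag."""
    rx = re.compile(pattern)
    kept = [line for line in lines if rx.search(line)]
    return {
        "kept": len(kept),
        "dropped": len(lines) - len(kept),
        "by_tag": dict(Counter(message_tag(line) for line in kept)),
    }


def compare(patterns, lines):
    """Evaluate every candidate pattern against the same sample."""
    return {p: evaluate_match(p, lines) for p in patterns}


if __name__ == "__main__":
    for pattern, result in compare(CANDIDATES, SAMPLE_LINES).items():
        print(f"{pattern!r}: kept {result['kept']}, "
              f"dropped {result['dropped']}, tags {result['by_tag']}")
```

Running the same comparison over a real sample of the FW-LOGS file shows how much each candidate pattern would cut the message rate and which record types would no longer be available for later investigation.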