With a Juniper SRX firewall with traffic event logging configured to output "RT_IDP|RT_FLOW_SESSION" to a file on the SRX, there are pieces of log information appended to the end of the log/event entry.
For example, with the two log events below, the last 3 words in the first log event are "HTTP UNKNOWN UNKNOWN" and in the second log line the last 3 words are "UNKNOWN UNKNOWN UNKNOWN".
Does anyone know what the last 3 words in SRX traffic log files refer to?
RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.25.255.2/33355->10.10.5.5/80 0x0 junos-http 10.25.255.2/33355->192.168.2.5/80 0x0 N/A N/A destination rule ENT 6 ENT Internet ENT 9719 N/A(N/A) ge-0/0/0.0 HTTP UNKNOWN UNKNOWN
1 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.25.255.2/5432->10.18.5.5/80 0x0 junos-http 10.25.255.2/5432->192.168.2.5/80 0x0 N/A N/A destination rule ENT 6 ENT Internet ENT 10378 N/A(N/A) ge-0/0/0.0 UNKNOWN UNKNOWN UNKNOWN
Thanks.
#logging #SRX
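As an added example (not from the poster), here is a parser for the RT_FLOW_SESSION_CREATE lines quoted above that names every positional field, so the trailing tokens can be read by name when the log is ingested into a SIEM. The field order, including the assumption that the last three fields are application, nested-application and encrypted, follows the Junos session-create message layout and is an assumption of this example rather than something the post confirms.

```python
import re
from typing import Optional

# Constructed sample input: the two RT_FLOW_SESSION_CREATE lines quoted in the post.
SAMPLE_LOGS = [
    "RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.25.255.2/33355->10.10.5.5/80 0x0 "
    "junos-http 10.25.255.2/33355->192.168.2.5/80 0x0 N/A N/A destination rule ENT 6 ENT "
    "Internet ENT 9719 N/A(N/A) ge-0/0/0.0 HTTP UNKNOWN UNKNOWN",
    "1 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.25.255.2/5432->10.18.5.5/80 0x0 "
    "junos-http 10.25.255.2/5432->192.168.2.5/80 0x0 N/A N/A destination rule ENT 6 ENT "
    "Internet ENT 10378 N/A(N/A) ge-0/0/0.0 UNKNOWN UNKNOWN UNKNOWN",
]

# Field order assumed from the Junos RT_FLOW_SESSION_CREATE message layout (an assumption of
# this example, not stated in the post). NAT rule types may be two words ("destination rule"),
# so the line cannot simply be split on whitespace.
SESSION_CREATE_RE = re.compile(r"""
    RT_FLOW_SESSION_CREATE:\s+session\ created\s+
    (?P<source_address>[^/\s]+)/(?P<source_port>\d+)->
    (?P<destination_address>[^/\s]+)/(?P<destination_port>\d+)\s+
    (?P<connection_tag>\S+)\s+(?P<service_name>\S+)\s+
    (?P<nat_source_address>[^/\s]+)/(?P<nat_source_port>\d+)->
    (?P<nat_destination_address>[^/\s]+)/(?P<nat_destination_port>\d+)\s+
    (?P<nat_connection_tag>\S+)\s+
    (?P<src_nat_rule_type>N/A|\S+\ rule)\s+(?P<src_nat_rule_name>\S+)\s+
    (?P<dst_nat_rule_type>N/A|\S+\ rule)\s+(?P<dst_nat_rule_name>\S+)\s+
    (?P<protocol_id>\d+)\s+(?P<policy_name>\S+)\s+
    (?P<source_zone_name>\S+)\s+(?P<destination_zone_name>\S+)\s+
    (?P<session_id>\d+)\s+(?P<username>[^(\s]+)\((?P<roles>[^)]*)\)\s+
    (?P<packet_incoming_interface>\S+)\s+
    (?P<application>\S+)\s+(?P<nested_application>\S+)\s+(?P<encrypted>\S+)\s*$
""", re.VERBOSE)


def parse_session_create(line: str) -> Optional[dict]:
    """Return the named fields of one session-create line, or None if it does not match."""
    match = SESSION_CREATE_RE.search(line)  # search(): tolerate a syslog prefix such as "1 "
    return match.groupdict() if match else None


def trailing_fields(line: str) -> Optional[tuple]:
    """The last three tokens the post asks about: application, nested-application, encrypted."""
    fields = parse_session_create(line)
    if fields is None:
        return None
    return fields["application"], fields["nested_application"], fields["encrypted"]


if __name__ == "__main__":
    for raw in SAMPLE_LOGS:
        print(trailing_fields(raw))
```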