Session browser vs. traffic logs

L1 Bithead

Session browser vs. traffic logs

Hi all,

Maybe someone can help to bring some light on my question. I'm trying to determine the difference between the session browser and the traffic logs. Why it is that when I search on a rule in the traffic logs I see specific traffic that is not in the session browser? I'm trying to remove a rule from our firewall by first seeing if other rules are taking precedence over it. The problem is when I look at traffic that is using that rule in the traffic log I'm only seeing subnets and not specific IPs. I then attempt to do the same thing in the session browser to see the IPs and do not find the traffic I noticed in the traffic logs? Seems like I'm missing something and probably need a better understanding of how both tools work.

Thanks for the help in advance!

L5 Sessionator

Re: Session browser vs. traffic logs

Hi @joeyjoejoe

 

The traffic log shows you historic information for sessions that have already ended (via the "Log at Session End" option in the security policy).

 

The session browser allows you to view active sessions currently passing through the firewall. Once those sessions end you'll see them in the traffic log.

 

Thanks,

Luke.

L1 Bithead

Re: Session browser vs. traffic logs

Hi @LukeBullimore,

Yeah that makes a lot of sense actually and not sure why I didn't put that together. Thanks for the clarification on that!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!