Log at session start??

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Log at session start??

L2 Linker

Hello everyone,

What I read the best practice is to enable log at session end, is there any use case to enable log at session start?

any thoughts?


Life is full of surprise,
Just embrace it!

L0 Member

If you want to log Deny or if you are troubleshooting a policy, enable "log at session start"

L6 Presenter

You don't need to log at start in a deny rule to get a log entry. But logging at start can be useful in debugging:

1) Sessions that are long running - You get an initial log when the connection starts, and then another entry hours later when the connection ends. You don't have to look at Session Browser to try and pick out a live connection (the filtering tools in Session Browser are far more limited than Traffic Log).

2) Session parameters change over time - The connection is initially allowed in one rule, but then later the AppID reclassifies the connection which matches a different rule (i.e. the start log shows it as allowed under a rule "source->dest web-browsing allow", but the end log shows it under a different rule "src->dest social-media-whatever block").

  • 2 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!