Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] AppTrack log messages continue to get generated even after disabling the feature

0

0

Article ID: KB32919 KB Last Updated: 12 Jul 2018Version: 1.0
Summary:

Application tracking (AppTrack) is a logging and reporting feature enabled on SRX devices that sends log messages through syslog, thereby providing application activity update messages. However, in these devices, it is observed that AppTrack log messages are generated even after the feature is disabled for sessions.

The article provides an explanation for this, and indicates whether any action can be taken to change the behavior.

 

Symptoms:

The counters of the messages increase as shown below with and without AppTrack enabled: 

With AppTrack Enabled

# run show security application-tracking counters 

Application tracking counters:

AppTrack counter type                             Value
Session create messages                             5
Session close messages                              6
Session volume updates                              3
Session route updates                               0
Session zone updates                                0
Failed messages                                     0

With AppTrack Disabled

set security application-tracking disable
delete/deactivate security zones security-zone TEST application-tracking

The messages continue to be generated as follows:

# run show security application-tracking counters 

Application tracking counters:

AppTrack counter type                             Value
Session create messages                             5        >>>> Will remain the same
Session close messages                              9        >>>> Close messages generated even after disabling AppTrack
Session volume updates                              5        >>>> Volume messages generated even after disabling AppTrack
Session route updates                               0
Session zone updates                                0
Failed messages                                     0

 

Cause:

The sessions that were tracked before AppTrack was disabled are tracked until they are closed.

 

Solution:

This is as per design so that information for the sessions that were tracked by AppTrack remains updated. AppTrack is disabled only for any subsequent new sessions. 

 

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search