Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How to configure the Juniper Firewall Traffic Log (Policy Log)



Article ID: KB4214 KB Last Updated: 18 Mar 2021Version: 8.0

This article details the steps to configure the Juniper Firewall Traffic Log (Policy Log).


Juniper Firewalls provide traffic logs to monitor and record the traffic that policies permit across the firewall. A traffic log notes the following elements for each session:

  • Date and time that the connection started
  • Source address and port number
  • Translated source address and port number
  • Destination address and port number
  • The duration of the session
  • The service used in the session

To log all traffic that a Juniper firewall device receives, you must enable the logging option for all policies.

To log specific traffic, enable logging only on policies that apply to that traffic.

The firewall generates logs when sessions end. However beginning with ScreenOS 5.2.0 and above, you also have the option to start logging at session initiation. Logging at session init will not show duration but it can be useful for troubleshooting purposes. 

There are three ways to view the logs:

To configure the Juniper Firewall Traffic Log, perform the following steps:

  1. Open the WebUI. For assistance, see KB4060 - Accessing Your NetScreen, SSG, or ISG Firewall Using the WebUI.

  2. From the ScreenOS options menu, click Policies.

  1. In the From drop-down menu, select the desired From and To zones. For example, in the From drop-down menu, click to select Trust. In the To drop-down menu, click to select Untrust.

  1. Click New or Edit.

  2. Click to select Logging.  

step five

By checking the first box, the security device generates logs when sessions end. By checking the 'at Session Beginning', the security device generate logs when sessions start. If both are selected, you will get both entries.

  1. Click OK.

You can view traffic logs stored in flash storage on the Juniper firewall device through either the CLI or WebUI. You may also open or save the file to the location you specify, and then use an ASCII text editor (such as Notepad or WordPad) to view the file. Alternatively, you can send them to an external storage space, or include traffic logs with event logs sent by email to an administrator.

  • To view the Traffic Logs from the ScreenOS options menu (via the WebUI), click Reports, and then select Policies.

  • To view the Traffic Logs from the CLI, enter the command get log traffic <options>.

Modification History:
2020-03-19: Replaced old WebGUI screenshots with new one; article checked for accuracy and found to be valid and relevant
2021-03-18: Minor non-technical edit.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search