Conversation view from network session logs
Posted: Sun May 24, 2020 11:31 pm
I'm currently parsing Juniper firewall logs, and can easily filter on security zones, IPs, protocols and destination ports.
However, I'm interested in seeing a summary of this type of data. This would be similar to a "conversations view" from Wireshark. For example: If I search a firewall's logs and filter on 7 days of Internal to DMZ traffic, I'd like to see a summary of the connections. SourceIP --> DestinationIP and destination port (a count of those events would be great too).
Perhaps I could try to parse out that information (SourceIP --> DestinationIP) to its own indexed "field" and then use the table summary?
Is there a better way?
Thank you!
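The aggregation the post is after (group each session event by source IP, destination IP, destination port and protocol, count events per group, optionally restricted to one zone pair) is a few lines of code once the fields are parsed out. The following is an added example and is not the poster's code or anything from Juniper: the log layout is an assumption modelled on SRX RT_FLOW session messages (5-tuple, service name, NAT tuple, protocol number, policy, source zone, destination zone), and every sample line is constructed for this example. The zone filter parameters and the `render_table` helper are likewise this example's own names.

```python
"""Wireshark-style "conversations" summary from firewall session logs.

Every parsed session event is attributed to the conversation
(source IP, destination IP, destination port, protocol) it belongs to;
the summary counts events per conversation and can be limited to one
source-zone/destination-zone pair, e.g. Internal -> DMZ.
"""
import re
from collections import Counter
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample lines in the style of Juniper SRX RT_FLOW session messages.
# The field order assumed here is: session 5-tuple, service, NAT 5-tuple,
# "None None", protocol number, policy name, source zone, destination zone, ...
SAMPLE_LOGS = [
    "May 24 23:10:01 fw1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: "
    "10.10.5.21/51234->172.16.20.10/443 junos-https 10.10.5.21/51234->172.16.20.10/443 "
    "None None 6 allow-web Internal DMZ 10001 12(1200) 15(9000) 3 UNKNOWN UNKNOWN N/A",
    "May 24 23:10:44 fw1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: "
    "10.10.5.21/51240->172.16.20.10/443 junos-https 10.10.5.21/51240->172.16.20.10/443 "
    "None None 6 allow-web Internal DMZ 10002 9(900) 11(7000) 2 UNKNOWN UNKNOWN N/A",
    "May 24 23:11:05 fw1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: "
    "10.10.5.22/50111->172.16.20.10/443 junos-https 10.10.5.22/50111->172.16.20.10/443 "
    "None None 6 allow-web Internal DMZ 10003 4(400) 6(3000) 1 UNKNOWN UNKNOWN N/A",
    "May 24 23:12:17 fw1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed idle Timeout: "
    "10.10.5.22/40001->172.16.20.5/53 junos-dns-udp 10.10.5.22/40001->172.16.20.5/53 "
    "None None 17 allow-dns Internal DMZ 10004 1(60) 1(120) 2 UNKNOWN UNKNOWN N/A",
    "May 24 23:13:02 fw1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP RST: "
    "172.16.20.10/44002->203.0.113.9/80 junos-http 198.51.100.2/10293->203.0.113.9/80 "
    "None None 6 dmz-out DMZ Internet 10005 3(300) 3(1500) 1 UNKNOWN UNKNOWN N/A",
    # A non-session line that the parser must skip rather than crash on.
    "May 24 23:13:40 fw1 sshd[1201]: Accepted publickey for admin from 10.10.0.7 port 50022 ssh2",
]

# Session create and close messages share the same leading fields.
FLOW_RE = re.compile(
    r"RT_FLOW_SESSION_(?:CREATE|CLOSE):.*?"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})/(?P<sport>\d+)->"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})/(?P<dport>\d+)\s+"
    r"(?P<service>\S+)\s+\S+->\S+\s+\S+\s+\S+\s+"
    r"(?P<proto>\d+)\s+(?P<policy>\S+)\s+(?P<from_zone>\S+)\s+(?P<to_zone>\S+)"
)

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# (source IP, destination IP, destination port, protocol)
Conversation = Tuple[str, str, int, str]


def parse_flow(line: str) -> Optional[Dict[str, object]]:
    """Extract the conversation fields from one log line, or None if it is not a session event."""
    m = FLOW_RE.search(line)
    if not m:
        return None
    proto_num = int(m.group("proto"))
    return {
        "src": m.group("src"),
        "dst": m.group("dst"),
        "dport": int(m.group("dport")),
        "proto": PROTO_NAMES.get(proto_num, str(proto_num)),
        "policy": m.group("policy"),
        "from_zone": m.group("from_zone"),
        "to_zone": m.group("to_zone"),
    }


def summarize(lines: Iterable[str],
              from_zone: Optional[str] = None,
              to_zone: Optional[str] = None) -> "Counter[Conversation]":
    """Count session events per conversation, optionally restricted to one zone pair."""
    counts: "Counter[Conversation]" = Counter()
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        if from_zone is not None and flow["from_zone"] != from_zone:
            continue
        if to_zone is not None and flow["to_zone"] != to_zone:
            continue
        counts[(flow["src"], flow["dst"], flow["dport"], flow["proto"])] += 1
    return counts


def render_table(counts: "Counter[Conversation]") -> str:
    """Render the summary as a fixed-width table, busiest conversation first."""
    rows = ["%-16s %-16s %6s %-5s %6s" % ("source", "destination", "dport", "proto", "count")]
    for (src, dst, dport, proto), n in counts.most_common():
        rows.append("%-16s %-16s %6d %-5s %6d" % (src, dst, dport, proto, n))
    return "\n".join(rows)


if __name__ == "__main__":
    # Internal -> DMZ conversations over the constructed sample.
    print(render_table(summarize(SAMPLE_LOGS, from_zone="Internal", to_zone="DMZ")))
```

On the sample, the Internal to DMZ summary collapses four session events into three conversations, with 10.10.5.21 to 172.16.20.10:443/tcp on top with a count of 2. In a log platform the same result is the "count by source, destination, port" aggregation over the extracted fields, so extracting the 5-tuple and zones into indexed fields is the right first step; the ephemeral source port is deliberately left out of the key, since including it would turn every session into its own row.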