Source and destination UUID logging
The log-uuid
setting in system global
is split into two settings: log-uuid-address
and log-uuid policy
.
The traffic log includes two internet-service
name fields: Source Internet Service (srcinetsvc
) and Destination Internet Service (dstinetsvc
).
Log UUIDs
UUIDs can be matched for each source and destination that match a policy that is added to the traffic log. This allows the address objects to be referenced in log analysis and reporting.
As this may consume a significant amount of storage space, this feature is optional. By default, policy UUID insertion is enabled and address UUID insertion is disabled.
To enable address and policy UUID insertion in traffic logs using the GUI:
- Go to Log & Report > Log Settings.
- Under UUIDs in Traffic Log, enable Policy and/or Address.
- Click Apply.
To enable address and policy UUID insertion in traffic logs using the CLI:
config system global set log-uuid-address enable set log-uuid-policy enable end
Sample log
date=2019-01-25 time=11:32:55 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="vdom1" eventtime=1528223575srcip=192.168.1.183 srcname="PC24" srcport=33709 srcintf="lan" srcintfrole="lan" dstip=192.168.70.184 dstport=80 dstintf="wan1" dstintfrole="wan" srcuuid="27dd503e‑883c‑51e7‑ade1‑7e015d46494f" dstuuid="27dd503e-883c-51e7-ade1-7e015d46494f" poluuid="9e0fe24c‑1808‑51e8‑1257‑68ce4245572c" sessionid=5181 proto=6 action="client-