Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

security firewall session-log <protocol>

Specifies the logging that should be performed for selected state changes for the given protocol.

set security firewall session-log { icmp icmp-state | other other-state | udp udp-state | tcp tcp-state }
delete security firewall session-log { icmp | other | udp | tcp }
show security firewall session-log

By default, session logging is disabled.

icmp-state
Enables session logging for Internet Control Message Protocol (ICMP) sessions on entry to the selected state.
  • closed: Entering the closed state.
  • established: Entering the established state.
  • new: Entering the new state.
  • timeout: Entering the timeout state.
other-state
Enables session logging for protocols other than TCP, UDP, or ICMP. Accepts the same states as icmp-state.
udp-state
Enables session logging for User Datagram Protocol (UDP) sessions. Accepts the same states as icmp-state.
tcp-state
Enables session logging for Transmission Control Protocol (TCP) sessions on entry to the selected state.
  • closed-wait: Entering the closed-wait state.
  • closing: Entering the closing state.
  • established: Entering the established state.
  • fin-received: Entering the fin-received state.
  • fin-sent: Entering the fin-sent state.
  • fin-wait: Entering the fin-wait state.
  • last-ack: Entering the last-ack state.
  • simsyn-sent: Entering the simsyn-sent state.
  • syn-received: Entering the syn-received state.
  • syn-sent: Entering the syn-sent state.
  • time-wait: Entering the time-wait state.
  • timeout: Entering the timeout state.

Configuration mode


security {
    firewall {
        session-log {
            icmp {
                closed
                established
                new
                timeout
            }
            other {
                closed
                established
                new
                timeout
            }
            udp {
                closed
                established
                new
                timeout
            }
            tcp {
                closed-wait
                closing
                established
                fin-received
                fin-sent
                fin-wait
                last-ack
                simsyn-sent
                syn-received
                syn-sent
                time-wait
                timeout
            }
        }
    }
}

Use the set form of this command to enable logging when a session enters the configured state for the given protocol.

If a stateful firewall rule or a NAT rule is matched in a flow and this command is configured, a log message is generated when the session transitions to the state that is set in the configuration.

Use the delete form of this command to delete the logging of transitions into the selected state for the given protocol.

Use the show form of this command to display the logging that is enabled for the various protocols.
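The following configuration session is an added example, not taken from the Vyatta documentation. It uses only the command forms and state names listed above. The choice of states (one that marks the start of a session and one or two that mark its end, per protocol) is an assumption about what a connection audit trail needs. Lines beginning with # are annotations for the reader and are not typed.

```vyatta
# Enter configuration mode.
configure

# TCP: log entry to the established state, plus time-wait and timeout
# so that both normal teardown and idle expiry leave a record.
# Note that the TCP state list has no "closed" state.
set security firewall session-log tcp established
set security firewall session-log tcp time-wait
set security firewall session-log tcp timeout

# UDP: log session creation and the two states that end a session.
set security firewall session-log udp new
set security firewall session-log udp closed
set security firewall session-log udp timeout

# ICMP: same approach as UDP.
set security firewall session-log icmp new
set security firewall session-log icmp closed
set security firewall session-log icmp timeout

# All other protocols: log creation and timeout only.
set security firewall session-log other new
set security firewall session-log other timeout

# Apply the change and review which states are being logged.
commit
show security firewall session-log

# To stop logging for one protocol later, use the delete form:
# delete security firewall session-log icmp
```

Messages are generated only for flows that match a stateful firewall rule or a NAT rule, so traffic that matches neither leaves no session-log record even with these states configured.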