when syslog session logging is enabled, session logging format is not correct.
It's missing aggregate and session map.
In case of agent, it's SessionEndpointObject but for syslog it's printing SessionData.
with this it's difficult to identify which is local ip/port and which one is remote.
And for consistency also we may need to follow the same format as in agent log.
session logged in syslog:
Nov 9 16:05:06 nodec62 contrail-vrouter-agent[25754]: 2017-11-09 Thu 16:05:06:078.622 IST nodec62 [Thread 139761092937472, Pid 25754]: [SYS_INFO]: SessionData: [ vmi = default-domain:admin:bf8f6cc0-ee17-46b2-80d4-76f7e62e9c4e vn = default-domain:admin:vn1 ] security_policy_rule = 00000000-0000-0000-0000-000000000001 remote_vn = default-domain:admin:vn2 is_client_session = 1 is_si = 0 vrouter_ip = 10.204.217.102 ip = 1.1.1.3 port = 0 protocol = 1 sampled_forward_bytes = 98 sampled_forward_pkts = 1 sampled_reverse_bytes = 0 sampled_reverse_pkts = 0 ip = 2.2.2.3 port = 2121 forward_flow_info= [ sampled_bytes = 98 sampled_pkts = 1 flow_uuid = 4633707c-ac14-4e3f-bd6f-f21089593278 tcp_flags = 0 setup_time = 1510223705458015 action = pass sg_rule_uuid = 4e260eee-c526-11e7-992b-0242ac110002 nw_ace_uuid = 6e2ae15c-dde7-412b-ada3-d0a75a28e3ef underlay_source_port = 57441 ] reverse_flow_info= [ flow_uuid = 2ee8864e-173c-428a-b682-c38042b8d2d7 setup_time = 1510223705458015 action = pass sg_rule_uuid = 4e260eee-c526-11e7-992b-0242ac110002 nw_ace_uuid = 6e2ae15c-dde7-412b-ada3-d0a75a28e3ef ] vm = 7cde62dc-5aa3-4ca4-bb86-110c588a9381 other_vrouter_ip = 10.204.216.69 underlay_proto = 2 ]
session logged in agent log file:
2017-11-09 Thu 16:17:23:448.904 IST nodec62 [Thread 139916723578624, Pid 26970]: [SYS_INFO]: SessionEndpointObject: session_data= [ [ [ vmi = default-domain:admin:bf8f6cc0-ee17-46b2-80d4-76f7e62e9c4e vn = default-domain:admin:vn1 security_policy_rule = 00000000-0000-0000-0000-000000000001 remote_vn = default-domain:admin:vn2 is_client_session = 1 is_si = 0 vrouter_ip = 10.204.217.102 sess_agg_info= [ [ [ ip = 1.1.1.3 port = 0 protocol = 1 ] [ sampled_forward_bytes = 98 sampled_forward_pkts = 1 sampled_reverse_bytes = 0 sampled_reverse_pkts = 0 sessionMap= [ [ [ ip = 2.2.2.3 port = 3661 ] [ forward_flow_info= [ sampled_bytes = 98 sampled_pkts = 1 flow_uuid = 554e4d82-7270-4631-967c-eaa6dffaa2bf tcp_flags = 0 setup_time = 1510224442784313 action = pass sg_rule_uuid = 4e260eee-c526-11e7-992b-0242ac110002 nw_ace_uuid = 6e2ae15c-dde7-412b-ada3-d0a75a28e3ef underlay_source_port = 59952 ] reverse_flow_info= [ flow_uuid = 1df26364-e452-4fd4-bea4-2ae6f26ef0a2 setup_time = 1510224442784313 action = pass sg_rule_uuid = 4e260eee-c526-11e7-992b-0242ac110002 nw_ace_uuid = 6e2ae15c-dde7-412b-ada3-d0a75a28e3ef ] vm = 7cde62dc-5aa3-4ca4-bb86-110c588a9381 other_vrouter_ip = 10.204.216.69 underlay_proto = 2 ], ] ] ], ] ] ], ] ]
We need to differentiate between local-ip and remote-ip, and between service-port and client-port.
But, we will not have any concept of aggregates or maps in the syslog