View GTP Logs
View GTP logs to gain visibility into the traffic that
mobile subscribers generate.
GTP logs are event-based logs that include
information on a wide range of GTP attributes, including GTP event
type, GTP message type, GTP event code, GTP interface, Tunnel ID,
IMSI, the end-user IP address, in addition to TCP/IP information
that the next-generation firewall identifies, such as application,
source and destination address, and timestamp. GTP logs, along with
traffic, threat, URL filtering, and WildFire Submissions logs (if
you have enabled GTP-U content inspection), give you visibility
into the data (IP packet encapsulated in GTP-U packet) traffic generated
by individual mobile subscribers.
The IP address assigned
to a mobile subscriber is dynamic and can change whenever the user
equipment is powered on or off, or when the user equipment attaches
to a different packet gateway on the same PLMN or a different PLMN
(when the subscriber is roaming). To identify the mobile subscriber
who generated the traffic, you need a way to associate the IP address
with a unique attribute for each subscriber. With stateful GTP-C
inspection and GTP-U content inspection, you can correlate the unique
identity (IMSI and IMEI) for each subscriber with the dynamically
assigned subscriber's IP address, and this association makes it
possible to identify the (GTP-U) traffic generated by each mobile
subscriber.
- View GTP logs. Select . The screenshot in this example filters out logs that are of informational severity. Click the spyglass icon beside an entry to view additional details about the session.
- Filter for mobile subscriber traffic using IMSI or IMEI in traffic, threat, URL Filtering, Data Filtering, WildFire Submisssions, or Unified logs. The screenshot displays critical severity events Threat logs for all IMSI values.
