diff --git a/platform/include/global_metrics.h b/platform/include/global_metrics.h
index 00e72bc..8eaf699 100644
--- a/platform/include/global_metrics.h
+++ b/platform/include/global_metrics.h
@@ -56,6 +56,7 @@ struct global_metrics
     uint64_t sf_mac_noexist_times; // 累计值
 
     uint64_t session_nums; // 瞬时值
+    uint64_t send_log;     // 瞬时值
 
     struct global_metrics_config config;
     screen_stat_handle_t fs_handle;
diff --git a/platform/src/global_metrics.cpp b/platform/src/global_metrics.cpp
index 3e666e7..5a26af0 100644
--- a/platform/src/global_metrics.cpp
+++ b/platform/src/global_metrics.cpp
@@ -73,6 +73,9 @@ enum SCE_STAT_FIELD
     STAT_SF_MAC_EXIST_TIMES,
     STAT_SF_MAC_NOEXIST_TIMES,
 
+    // send log
+    STAT_SEND_LOG,
+
     // max
     STAT_MAX,
 };
@@ -144,6 +147,9 @@ static const char *stat_map[] =
         [STAT_SF_MAC_EXIST_TIMES] = "sf_mac_succ",
         [STAT_SF_MAC_NOEXIST_TIMES] = "sf_mac_err",
 
+        // send log
+        [STAT_SEND_LOG] = "send_log",
+
         [STAT_MAX] = NULL};
 
 static void global_metrics_parse_config(const char *profile, struct global_metrics_config *config)
@@ -296,5 +302,8 @@ void global_metrics_dump(struct global_metrics *metrics)
     FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SF_MAC_EXIST_TIMES], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->sf_mac_exist_times), 0, __ATOMIC_RELAXED));
     FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SF_MAC_NOEXIST_TIMES], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->sf_mac_noexist_times), 0, __ATOMIC_RELAXED));
 
+    // send log
+    FS_operate(metrics->fs_handle, metrics->fs_id[STAT_SEND_LOG], 0, FS_OP_SET, __atomic_fetch_add(&(metrics->send_log), 0, __ATOMIC_RELAXED));
+
     FS_passive_output(metrics->fs_handle);
 }
diff --git a/platform/src/packet_io.cpp b/platform/src/packet_io.cpp
index 6a116e5..36e108d 100644
--- a/platform/src/packet_io.cpp
+++ b/platform/src/packet_io.cpp
@@ -4,6 +4,7 @@
 #include <netinet/ether.h>
 
 #include <marsio.h>
+#include <cjson/cJSON.h>
 #include <MESA/MESA_prof_load.h>
 
 #include "log.h"
@@ -1167,6 +1168,75 @@ static int handle_session_opening(struct metadata *meta, struct ctrl_pkt_parser
     return 0;
 }
 
+/*
+{
+  "tsync": "1.0",
+  "session_id": "123456789",
+  "state": "active",
+  "method": "log_update",
+  "params": {
+    "sf_profile_ids": [
+      2,
+      3,
+      4,
+      5,
+      6,
+      7
+    ]
+  }
+}
+*/
+static void send_event_log(struct session_ctx *s_ctx, int thread_seq, void *ctx)
+{
+    struct thread_ctx *thread = (struct thread_ctx *)ctx;
+    struct sce_ctx *sce_ctx = thread->ref_sce_ctx;
+    struct packet_io *packet_io = thread->ref_io;
+    struct selected_chaining *chaining = s_ctx->chaining;
+
+    char buffer[32] = {0};
+    sprintf(buffer, "%lu", s_ctx->session_id);
+
+    cJSON *root = cJSON_CreateObject();
+    cJSON_AddStringToObject(root, "tsync", "1.0");
+    cJSON_AddStringToObject(root, "session_id", buffer);
+    cJSON_AddStringToObject(root, "state", "closing");
+    cJSON_AddStringToObject(root, "method", "log_update");
+    cJSON *sf_profile_ids = cJSON_CreateArray();
+    for (int i = 0; i < chaining->chaining_used; i++)
+    {
+        struct selected_sf *node = &(chaining->chaining[i]);
+        if (node->sf_need_skip == 0 && node->sf_action == SESSION_ACTION_FORWARD)
+        {
+            cJSON *id = cJSON_CreateNumber(node->sf_profile_id);
+            cJSON_AddItemToArray(sf_profile_ids, id);
+        }
+    }
+    cJSON *params = cJSON_CreateObject();
+    cJSON_AddItemToObject(params, "sf_profile_ids", sf_profile_ids);
+    cJSON_AddItemToObject(root, "params", params);
+    char *json_str = cJSON_PrintUnformatted(root);
+
+    LOG_INFO("%s: session %lu %s event log: %s", LOG_TAG_METRICS, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string, json_str);
+
+    marsio_buff_t *tx_buffs[1];
+    marsio_buff_malloc_device(packet_io->dev_nf_interface.mr_dev, tx_buffs, 1, 0, thread_seq);
+    char *dst = marsio_buff_append(tx_buffs[0], s_ctx->first_ctrl_pkt.header_len + strlen(json_str));
+    memcpy(dst, s_ctx->first_ctrl_pkt.header_data, s_ctx->first_ctrl_pkt.header_len);
+    memcpy(dst + s_ctx->first_ctrl_pkt.header_len, json_str, strlen(json_str));
+
+    struct metadata meta = {0};
+    meta.session_id = s_ctx->session_id;
+    meta.is_ctrl_pkt = 1;
+    meta.l7_offset = s_ctx->first_ctrl_pkt.header_len;
+    meta.sids.num = 1;
+    meta.sids.elems[0] = sce_ctx->firewall_sids;
+    packet_io_set_metadata(tx_buffs[0], &meta);
+    marsio_send_burst(packet_io->dev_nf_interface.mr_path, thread_seq, tx_buffs, 1);
+
+    free(json_str);
+    cJSON_Delete(root);
+}
+
 // return  0 : success
 // return -1 : error
 static int handle_session_closing(struct metadata *meta, struct ctrl_pkt_parser *parser, int thread_seq, void *ctx)
@@ -1187,7 +1257,8 @@ static int handle_session_closing(struct metadata *meta, struct ctrl_pkt_parser
             LOG_INFO("%s: session %lu %s metrics log: policy %d sff_profile_id %d sf_profile_id %d sf_need_skip %d sf_action_reason %s rx_pkts %lu rx_bytes %lu tx_pkts %lu tx_bytes %lu", LOG_TAG_METRICS, s_ctx->session_id, s_ctx->first_ctrl_pkt.addr_string, node->policy_id, node->sff_profile_id, node->sf_profile_id, node->sf_need_skip, session_action_reason_to_string(node->sf_action_reason), node->rx.n_pkts, node->rx.n_bytes, node->tx.n_pkts, node->tx.n_bytes);
         }
 
-        // TODO send log to firewall
+        send_event_log(s_ctx, thread_seq, ctx);
+        __atomic_fetch_add(&g_metrics->send_log, 1, __ATOMIC_RELAXED);
 
         __atomic_fetch_sub(&g_metrics->session_nums, 1, __ATOMIC_RELAXED);
         session_table_delete_by_id(thread->session_table, meta->session_id);