
Events and Logs Overview

Use the Events and Logs page to get an overall, high‐level view of your network environment. You can view abnormal events, attacks, viruses, or worms when log data is correlated and analyzed.

This page provides administrators with an advanced filtering mechanism and provides visibility into actual events collected by the Log Collector. Using the time-frame slider, you can instantly focus on areas of unusual activity by dragging the time slider to the area of interest to you. The slider and the Custom button under Time Range remain at the top of each tab. Users select the time range, and then they can decide how to view the data, using the summary view or detail view tabs.

To access the Event Viewer page, select Monitor > Events & Logs > All Events.

Events & Logs—Summary View

Click Summary View for a brief summary of all the events in your network. At the center of the page is critical information, including the total number of events, viruses found, total number of interfaces that are down, number of attacks, CPU spikes, and system reboots. This data is refreshed automatically based on the selected time range. At the bottom of the page is a swim-lane view of the different events that are happening at a specific time. The events include firewall, Web filtering, VPN, content filtering, antispam, antivirus, and IPS. Each event is color-coded, with darker shades representing a higher level of activity. Each tab provides detailed information, such as the type and number of events occurring at that specific time.

See Table 7 for descriptions of the widgets in this view.

Table 7: Events and Logs Summary View Widgets



Total Events

Total number of all events, including firewall, Web filtering, IPS, IPSec, content filtering, antispam, and antivirus events.

Virus Instances

Total number of virtual instances running in the system.


Total number of attacks on the firewall.

Interface Down

Total number of interfaces that are down.

CPU Spikes

Total number of times a CPU utilization spike has occurred.


Total number of system reboots.


Total number of sessions established through firewall.

Events & Logs—Detail View

Click Detail View for comprehensive details of events in a tabular format that includes sortable columns. You can sort the events using the Group by option. For example, you can sort the events based on severity. The table includes information such as the rule that caused the event, severity for the event, event ID, traffic information, and how and when the event was detected.

Advanced Search

You can perform an advanced search of all events using the text field above the table. The filter string can include logical operators. Enter the search string in the text field; based on your input, a list of items from the filter context menu is displayed. Select a value from the list, and then select a valid operator for the advanced search operation. Press Enter to display the search results in the table below.

To delete the search string in the text field, click the X icon.

Following are some of the examples for event log filters:

See Table 8 for field descriptions.

Table 8: Events and Logs Detail Columns




The time when the log was received.

Event Name

The event name of the log.

Source Country

The source country name.

Source IP

The source IP address from where the event occurred.

Destination Country

Destination country name from where the event occurred.

Destination IP

The destination IP address of the event.

Source Port

The source port of the event.

Destination Port

The destination port of the event.


The description of the log.

Attack name

Attack name of the log: Trojan, worm, virus, and so on.

Threat Severity

The severity level of the threat.

Policy Name

The policy name in the log.

UTM category or Virus Name

The UTM category of the log.


Accessed URL name that triggered the event.

Event category

The event category of the log.

User Name

The username of the log.


Action taken for the event: warning, allow, and block.

Log Source

The IP address of the log source.


The application name from which the events or logs are generated.


The host name in the log.

Service Name

The name of the application service. For example, FTP, HTTP, SSH, and so on.

Nested Application

The nested application in the log.

Source Zone

The source zone of the log.

Destination Zone

The destination zone of the log.

Protocol ID

The protocol ID in the log.


The role name associated with the log.


The reason for the log generation. For example, a connection tear down may have an associated reason such as authentication failed.

NAT Source Port

The translated source port.

NAT Destination Port

The translated destination port.

NAT Source Rule Name

The NAT source rule name.

NAT Destination Rule Name

The NAT destination rule name.

NAT Source IP

The translated (or natted) source IP address. It can contain IPv4 or IPv6 addresses.

NAT Destination IP

The translated (also called natted) destination IP address.

Traffic Session ID

The traffic session ID of the log.

Path Name

The path name of the log.

Logical system Name

The name of the logical system.

Rule Name

The name of the rule.

Profile Name

The name of the All events profile that triggered the event.

Role-Based Access Control for Event Viewer

Role-Based Access Control (RBAC) has the following impact on the Event Viewer:
