Starting in Junos OS Release 19.2R1, you can monitor the screen events.
Use screen events to view the information about security events based on screen profiles. Analyzing screen logs yields information such as attack name, action taken, source of an attack, and destination of an attack.
To monitor screen events, select Monitor > Events > Screen in the J-Web user interface.
Using the time-range slider, you can quickly focus on the time and area of activity that you are most interested in. Once the time range is selected, all of the data presented in your view is refreshed automatically. You can also use the Custom button to set a custom time range.
You can select either the Grid View tab or the Chart View tab to view your data:
Grid View—View the comprehensive details of all screen events in a tabular format that includes sortable columns. You can group the events using the Group By option. For example, you can group the events based on source country. The table includes information such as the event name, source country, source address, destination country, attack name, and so on. Table 33 describes the fields on the Grid View page.
Chart View—View a brief summary of all the screen events in your network. The top of the page has a swim lane graph of all the screen events. You can use the widgets at the bottom of the page to view critical information such as, top screen attackers, top screen victims, and top screen hits. Table 34 describes the widgets on the Chart View page.
Table 33: Screen—Fields on the Grid View Page
Field | Description |
---|---|
Timestamp | The time when the log was received. |
Event Name | Name of the event in the log. |
Source Country | Country from which the traffic that triggered the event originated. |
Source Address | Source IP address for the traffic that triggered the event (IPv4 or IPv6). |
Destination Country | Country to which the traffic that triggered the event was sent |
Attack Name | Name of the attack in the log for threat event. For example, trojan, worm, virus, and so on. |
Destination Address | Destination IP address for the traffic that triggered the event (IPv4 or IPv6). |
Source Port | Source TCP/UDP port number of the traffic that triggered the event. |
Destination Port | Destination TCP/UDP port number of the traffic that triggered the event. |
Description | Brief description of the event. |
Action | Action taken for the event. For example, warning, allow, and block. |
Host Name | Hostname of the device where the log was generated. |
Source Zone Name | Name of the source security zone of the traffic that triggered the event. |
Interface Name | Name of the interface. |
Domain | Displays the network or subnetwork to which the device belongs. |
Table 34: Screen—Widgets on the Chart View Page
Field | Description |
---|---|
Top Screen Attackers | Top source countries from where the event source originated; sorted by the number of source IP addresses. |
Top Screen Victims | Top destination countries targeted for the attack; sorted by the number of destination IP addresses. |
Top Screen Hits | Top source IP addresses of the network traffic; sorted by the number of event occurrences. |