Help Center User GuideGetting Started
 
X
User Guide
Getting Started
Help Center
Show Contents
Help CenterJ-Web TasksMonitorAlarms
Contents  
Hide Contents
DownloadPrint

Monitoring Security Events by Policy

Purpose

Monitor security events by policy and display logged event details with the J-Web user interface.

Action

To monitor security events by policy:

Procedure

  1. Select one of the following in the J-Web user interface:

    • If you are using SRX5400, SRX5600, or SRX5800 platforms, select Monitor>Events and Alarms>Security Events.

    • Select Monitor>Alarms>Policy Log.

    The View Policy Log pane appears. Table 8 describes the content of this pane.

    Table 8: View Policy Log Fields

    Field

    Value

    Log file name

    Name of the event log files to search.

    Policy name

    Name of the policy of the events to be retrieved.

    Source address

    Source address of the traffic that triggered the event.

    Destination address

    Destination address of the traffic that triggered the event.

    Event type

    Type of event that was triggered by the traffic.

    Application

    Application of the traffic that triggered the event.

    Source port

    Source port of the traffic that triggered the event.

    Destination port

    Destination port of the traffic that triggered the event.

    Source zone

    Source zone of the traffic that triggered the event.

    Destination zone

    Destination zone of the traffic that triggered the event.

    Source NAT rule

    Source NAT rule of the traffic that triggered the event.

    Destination NAT rule

    Destination NAT rule of the traffic that triggered the event.

    Is global policy

    Specifies that the policy is a global policy.

    If your device is not configured to store session log files locally, the Create log configuration button is displayed in the lower-right portion of the View Policy Log pane.

    • To store session log files locally, click Create log configuration.

    If session logs are being sent to an external log collector (stream mode has been configured for log files), a message appears indicating that event mode must be configured to view policy logs.

    Note: Reverting to event mode will discontinue event logging to the external log collector.

    • To reset the mode option to event, enter the set security log command.

  2. Enter one or more search fields in the View Policy Log pane and click Search to display events matching your criteria.

    For example, enter the event type Session Close and the policy pol1 to display event details from all Session Close logs that contain the specified policy. To reduce search results further, add more criteria about the particular event or group of events that you want displayed.

    The Policy Events Detail pane displays information from each matching session log. Table 9 describes the contents of this pane.

Table 9: Policy Events Detail Fields

Field

Value

Timestamp

Time when the event occurred.

Policy name

Policy that triggered the event.

Record type

Type of event log providing the data.

Source IP/Port

Source address (and port, if applicable) of the event traffic.

Destination IP/Port

Destination address (and port, if applicable) of the event traffic.

Service name

Service name of the event traffic.

NAT source IP/Port

NAT source address (and port, if applicable) of the event traffic.

NAT destination IP/Port

NAT destination address (and port, if applicable) of the event traffic.

Related Documentation

Help us to improve. Rate this article.
     
Feedback Received. Thank You!
Previous
Monitoring Alarms
Next
Events
Related Topics
Need more help?

Ask questions in TechWiki

Contact Customer Support

Check documentation in TechLibrary

© 2018 Juniper Networks, Inc. All rights reserved

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit