Alarms
Monitoring Alarms
Purpose
Use the monitoring functionality to view the alarms page.
Action
To monitor alarms, select one of the following in the J-Web user interface:
- If you are using SRX5400, SRX5600, or SRX5800 platforms, select Monitor>Events and Alarms>View Alarms.
- Select Monitor>Alarms>View Alarms.
Meaning
Table 8 summarizes key output fields in the alarms page.
Table 8: Alarms Monitoring Page
Field | Value | Additional Information |
---|---|---|
Alarm Filter | | |
Alarm Type | Specifies the type of alarm to monitor: | — |
Severity | Specifies the alarm severity that you want to monitor | — |
Description | Enter a brief synopsis of the alarms you want to monitor. | — |
Date From | Specifies the beginning of the date range that you want to monitor. Set the date using the calendar pick tool. | — |
To | Specifies the end of the date range that you want to monitor. Set the date using the calendar pick tool. | — |
Go | Executes the options that you specified. | — |
Reset | Clears the options that you specified. | — |
Alarm Details | Displays the following information about each alarm: | — |
Monitoring Security Events by Policy
Purpose
Monitor security events by policy and display logged event details with the J-Web user interface.
Action
To monitor security events by policy:
- Select one of the following in the J-Web user interface:
  - If you are using SRX5400, SRX5600, or SRX5800 platforms, select Monitor>Events and Alarms>Security Events.
  - Select Monitor>Alarms>Policy Log.
The View Policy Log pane appears. Table 9 describes the content of this pane.
Table 9: View Policy Log Fields
Field | Value |
---|---|
Log file name | Name of the event log files to search. |
Policy name | Name of the policy of the events to be retrieved. |
Source address | Source address of the traffic that triggered the event. |
Destination address | Destination address of the traffic that triggered the event. |
Event type | Type of event that was triggered by the traffic. |
Application | Application of the traffic that triggered the event. |
Source port | Source port of the traffic that triggered the event. |
Destination port | Destination port of the traffic that triggered the event. |
Source zone | Source zone of the traffic that triggered the event. |
Destination zone | Destination zone of the traffic that triggered the event. |
Source NAT rule | Source NAT rule of the traffic that triggered the event. |
Destination NAT rule | Destination NAT rule of the traffic that triggered the event. |
Is global policy | Specifies that the policy is a global policy. |
If your device is not configured to store session log files locally, the Create log configuration button is displayed in the lower-right portion of the View Policy Log pane.
To store session log files locally, click Create log configuration.
If session logs are being sent to an external log collector (stream mode has been configured for log files), a message appears indicating that event mode must be configured to view policy logs.
Note: Reverting to event mode will discontinue event logging to the external log collector.
To reset the mode option to event, enter the set security log command.
- Enter one or more search fields in the View Policy Log pane and click Search to display events matching your criteria.
For example, enter the event type Session Close and the policy pol1 to display event details from all Session Close logs that contain the specified policy. To reduce search results further, add more criteria about the particular event or group of events that you want displayed.
The Policy Events Detail pane displays information from each matching session log. Table 10 describes the contents of this pane.
Table 10: Policy Events Detail Fields
Field | Value |
---|---|
Timestamp | Time when the event occurred. |
Policy name | Policy that triggered the event. |
Record type | Type of event log providing the data. |
Source IP/Port | Source address (and port, if applicable) of the event traffic. |
Destination IP/Port | Destination address (and port, if applicable) of the event traffic. |
Service name | Service name of the event traffic. |
NAT source IP/Port | NAT source address (and port, if applicable) of the event traffic. |
NAT destination IP/Port | NAT destination address (and port, if applicable) of the event traffic. |
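
The same kind of search can be run over exported session logs, for example on the external collector when the device logs in stream mode and policy logs cannot be viewed in J-Web. The following is an added example, not Juniper code: it assumes logs in Junos structured-syslog format with RT_FLOW_SESSION_* records, the sample lines are constructed, and `parse`, `search` and `detail_row` are hypothetical helper names.

```python
import re

# Constructed sample lines (invented values). Assumption: Junos structured-syslog
# format, where each RT_FLOW session record carries key="value" pairs.
SAMPLE_LOGS = """\
<14>1 2024-05-01T10:15:02.120Z srx1 RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.40 source-address="10.1.1.5" source-port="51514" destination-address="192.0.2.10" destination-port="443" service-name="junos-https" nat-source-address="198.51.100.1" nat-source-port="20001" nat-destination-address="192.0.2.10" nat-destination-port="443" policy-name="pol1" source-zone-name="trust" destination-zone-name="untrust"]
<14>1 2024-05-01T10:15:32.480Z srx1 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.40 reason="TCP FIN" source-address="10.1.1.5" source-port="51514" destination-address="192.0.2.10" destination-port="443" service-name="junos-https" nat-source-address="198.51.100.1" nat-source-port="20001" nat-destination-address="192.0.2.10" nat-destination-port="443" policy-name="pol1" source-zone-name="trust" destination-zone-name="untrust"]
<14>1 2024-05-01T10:16:10.005Z srx1 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.40 reason="idle Timeout" source-address="10.1.1.7" source-port="40022" destination-address="192.0.2.53" destination-port="53" service-name="junos-dns-udp" nat-source-address="198.51.100.1" nat-source-port="20002" nat-destination-address="192.0.2.53" nat-destination-port="53" policy-name="pol2" source-zone-name="trust" destination-zone-name="untrust"]
<14>1 2024-05-01T10:17:45.900Z srx1 RT_FLOW - RT_FLOW_SESSION_DENY [junos@2636.1.1.1.2.40 source-address="10.1.1.8" source-port="60100" destination-address="192.0.2.99" destination-port="23" service-name="junos-telnet" policy-name="pol1" source-zone-name="trust" destination-zone-name="untrust"]
""".splitlines()

HEADER = re.compile(r'^<\d+>1 (\S+) \S+ RT_FLOW \S+ (RT_FLOW_SESSION_\w+) \[')
PAIR = re.compile(r'([\w-]+)="([^"]*)"')

def parse(line):
    """Return the record's fields as a dict, or None if it is not a session log."""
    m = HEADER.match(line)
    if not m:
        return None
    rec = dict(PAIR.findall(line))
    rec["timestamp"], rec["record-type"] = m.group(1), m.group(2)
    return rec

def search(lines, **criteria):
    """All criteria must match, so each extra field narrows the result set."""
    wanted = {k.replace("_", "-"): v for k, v in criteria.items()}
    records = (parse(line) for line in lines)
    return [r for r in records if r and all(r.get(k) == v for k, v in wanted.items())]

def detail_row(rec):
    """Project a record onto the columns of the Policy Events Detail table."""
    def ep(prefix):
        addr, port = rec.get(prefix + "address"), rec.get(prefix + "port")
        return f"{addr}/{port}" if addr and port else addr
    return {
        "Timestamp": rec["timestamp"],
        "Policy name": rec.get("policy-name"),
        "Record type": rec["record-type"],
        "Source IP/Port": ep("source-"),
        "Destination IP/Port": ep("destination-"),
        "Service name": rec.get("service-name"),
        "NAT source IP/Port": ep("nat-source-"),
        "NAT destination IP/Port": ep("nat-destination-"),
    }

if __name__ == "__main__":
    for rec in search(SAMPLE_LOGS, record_type="RT_FLOW_SESSION_CLOSE", policy_name="pol1"):
        print(detail_row(rec))
```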