Monitor All Events
You are here: Monitor > Logs > All Events.
Use this page to view event details associated with session, content filtering, antispam, antivirus, IPS, screen, security intelligence, Web filtering, ATP, and VPN.
The All Events page is available on all SRX Series devices except the SRX5000 line of devices.
Table 1 describes the fields on the All Events page.
Table 1: Fields on the All Events Page
Select the time from the list to view the activity that you are most interested in. Once the time is selected, all of the data presented in your view is refreshed automatically.
You can also use Customize to set a custom date and click Apply to view the specified event logs.
Click the refresh icon to get the latest event information.
Show Hide Columns
This icon is represented by three vertical dots.
Enables you to show or hide a column in the grid.
Export to CSV
You can export the event data to a comma-separated value (.csv) file.
Select the three vertical dots on the right side of the page and click Export to CSV. The CSV file is downloaded to your local machine. You can download a maximum of 100 events.
Use the filter text box present above the table grid. The search includes the logical operators as part of the filter string. In the filter text box, when you hover over the icon, it displays an example filter condition. When you start entering the search string, the icon indicates whether the filter string is valid or not.
Click X to clear your search filter.
Click Save Filter to save filters after you specify the filtering criteria.
To save a filter:
Displays the saved filters list.
Hover over the saved filter name to view the query expression. You can delete the saved filter using the delete icon.
Displays the time when the event log was received.
Displays the event log type.
Displays the source zone of the event.
Displays the source IP address from where the event occurred.
Displays the destination zone of the event.
Displays the destination IP address of the event.
Displays the destination port of the event.
Displays the application name for which the event logs are generated.
Displays the action taken for the event: warning, allow, and block.
Displays the destination country of the event log.
NAT Source IP
Displays the translated (or natted) source IP address. It can contain IPv4 or IPv6 addresses.
NAT Source Port
Displays the translated source port.
NAT Destination IP
Displays the translated (also called natted) destination IP address.
NAT Destination Port
Displays the translated destination port.
Displays the protocol ID in the event log.
Displays the traffic session ID of the event log.
Displays the username of the user for whom the event log is generated.
Displays the source interface of the event log.
Displays the destination interface of the event log.
Displays the reason for the log generation. For example, a connection tear down may have an associated reason such as authentication failed.
Packets From Client
Displays the number of packets received from the client.
Bytes From Client
Displays the number of bytes received from the client.
Packets From Server
Displays the number of packets received from the server.
Bytes From Server
Displays the number of bytes received from the server.
Displays the time elapsed since the last time interval began.
Displays the port number of the source.
Displays the sequence number of the packets sent.
Displays the message type for the event detected.
Displays the number of events.
Displays the severity of the threat.
Displays the Common Vulnerabilities and Exposures (CVE) identifier information.
Packet log ID
Displays the ID of the packets received before and after the attack, for further offline analysis of attacker behavior.
Displays the X-Forwarded-For (XFF) header added to packets by a proxy server that includes the real IP address of the client making the request.
Displays the event profile name.
Displays the filename of the event log.
Displays the arguments that are passed from the event log.
Displays the message ID for negotiation.
Displays the bandwidth utilization for the event log.
Displays the malware name or brief description.
Displays the hostname of the device that downloaded the possible malware.
Displays the type of file. Examples: PDF, executable, document.
Displays a score or threat level for a file.
Displays the number of times the C&C server has attempted to contact hosts on your network.
File Hash Lookup
Displays the hash of the file sent for matching against known malware.
Displays the SHA-256 hash value of the downloaded file.
Displays the name of the file, including the extension.
Displays the accessed URL name that triggered the event.
Displays the email address.
Displays the email address.
Displays the threat/event category.
Displays the object name of the event log.
URL Category Risk
Displays the Web filtering URL category risk level.
Displays the detected virus name.
Displays the name of the source from which the event originated.
Displays the feed name of the event detected.
Displays the rule name of the threats/events log.
Displays the total packet length in bytes.
Displays the event type.
Displays the index number of the IKE SA.