Monitoring Security Events by Policy

You can monitor security events by policy and display logged event details with the J-Web interface.

  1. Select Monitor>Events and Alarms>Security Events. The View Policy Log pane appears. Table 5 explains the content of this pane.

    If your device is not configured to store session log files locally, the Create log configuration button is displayed in the lower-right portion of the View Policy Log pane.

    If session logs are being sent to an external log collector (stream mode has been configured for log files), a message appears indicating that event mode must be configured to view policy logs. Keep in mind that reverting to event mode will discontinue event logging to the external log collector.

  2. Enter values in one or more search fields in the View Policy Log pane and click Search to display events matching your criteria.

    For example, enter the event type Session Close and the policy pol1 to display event details from all Session Close logs that contain the specified policy. To reduce search results further, add more criteria about the particular event or group of events that you want displayed.

    The Policy Events Detail pane displays information from each matching session log. Table 6 explains the contents of this pane.

Table 88: View Policy Log Fields

| Field | Value |
|---|---|
| Log file name | Name of the event log files to search. |
| Policy name | Name of the policy of the events to be retrieved. |
| Source address | Source address of the traffic that triggered the event. |
| Destination address | Destination address of the traffic that triggered the event. |
| Event type | The type of event that was triggered by the traffic. |
| Application | Application of the traffic that triggered the event. |
| Source port | Source port of the traffic that triggered the event. |
| Destination port | Destination port of the traffic that triggered the event. |
| Source zone | Source zone of the traffic that triggered the event. |
| Destination zone | Destination zone of the traffic that triggered the event. |
| Source NAT rule | The source NAT rule of the traffic that triggered the event. |
| Destination NAT rule | The destination NAT rule of the traffic that triggered the event. |

Table 89: Policy Events Detail Fields

| Field | Value |
|---|---|
| Timestamp | The time when the event occurred. |
| Policy name | The policy that triggered the event. |
| Record type | The type of event log providing the data. |
| Source IP/Port | Source address (and port, if applicable) of the event traffic. |
| Destination IP/Port | Destination address (and port, if applicable) of the event traffic. |
| Service name | Service name of the event traffic. |
| NAT source IP/Port | NAT source address (and port, if applicable) of the event traffic. |
| NAT destination IP/Port | NAT destination address (and port, if applicable) of the event traffic. |
