Events and Alarms
- Checking Active Alarms
- Monitoring System Log Messages with the J-Web Event Viewer
- Monitoring Security Events by Policy
Checking Active Alarms
To monitor alarms on the device, select Monitor>Events and Alarms>View Alarms in the J-Web user interface. The J-Web View Alarms page displays information about preset system and chassis alarms.
Alternatively, you can enter the following show commands in the CLI editor:
- show chassis alarms
- show system alarms
The J-Web View Alarms page displays the following information about each alarm:
- Type—Type of alarm: System, Chassis, or All.
- Severity—Severity class of the alarm: Minor or Major.
- Description—Description of the alarm.
- Time—Time that the alarm was registered.
To filter which alarms are displayed, use the following options:
- Alarm Type—Specify which type of alarm to monitor: System, Chassis, or All. System alarms include FRU detection alarms (power supplies removed, for instance). Chassis alarms indicate environmental alarms such as temperature.
- Severity—Specify the alarm severity that you want to monitor: Major, Minor, or All. A major (red) alarm condition requires immediate action. A minor (yellow) condition requires monitoring and maintenance.
- Description—Enter a brief synopsis of the alarms you want to monitor.
- Date From—Specify the beginning of the date range that you want to monitor. Set the date using the calendar pick tool.
- To—Specify the end of the date range that you want to monitor. Set the date using the calendar pick tool.
- Go—Executes the options that you specified.
- Reset—Clears the options that you specified.
Monitoring System Log Messages with the J-Web Event Viewer
To monitor errors and events that occur on the device, select Monitor>Events and Alarms>View Events in the J-Web user interface.
The J-Web View Events page displays the following information about each event:
- Process—System process that generated the error or event.
- Severity—A severity level indicates how seriously the triggering event affects routing platform functions. Only messages from the facility that are rated at that level or higher are logged. Possible severities and their corresponding color code are:
  - Debug/Info/Notice (Green)—Indicates conditions that are not errors but are of interest or might warrant special handling.
  - Warning (Yellow)—Indicates conditions that warrant monitoring.
  - Error (Blue)—Indicates standard error conditions that generally have less serious consequences than errors in the emergency, alert, and critical levels.
  - Critical (Pink)—Indicates critical conditions, such as hard drive errors.
  - Alert (Orange)—Indicates conditions that require immediate correction, such as a corrupted system database.
  - Emergency (Red)—Indicates system panic or other conditions that cause the routing platform to stop functioning.
- Event ID—Unique ID of the error or event. The prefix on each code identifies the generating software process. The rest of the code indicates the specific event or error.
- Event Description—Displays a more detailed explanation of the message.
- Time—Time that the error or event occurred.
To control which errors and events are displayed in the list, use the following options:
- System Log File—Specify the name of the system log file that records the errors and events.
- Process—Specify the system processes that generate the events you want to display. To view all the processes running on your system, enter the show system processes CLI command.
- Date From—Specify the beginning of the date range that you want to monitor. Set the date using the calendar pick tool.
- To—Specify the end of the date range that you want to monitor. Set the date using the calendar pick tool.
- Event ID—Specify the specific ID of the error or event that you want to monitor. For a complete list of system error and event IDs, see the Junos OS System Log Messages Reference.
- Description—Enter a description for the errors or events.
- Search—Fetches the errors and events specified in the search criteria.
- Reset—Clears the cache of errors and events that were previously selected.
- Generate Report—Creates an HTML report based on the specified parameters.
Monitoring Security Events by Policy
You can monitor security events by policy and display logged event details with the J-Web interface.
- Select Monitor>Events and Alarms>Security Events. The View Policy Log pane appears. Table 132 explains the content of this pane.
If your device is not configured to store session log files locally, the Create log configuration button is displayed in the lower-right portion of the View Policy Log pane.
- To store session log files locally, click Create log configuration.
If session logs are being sent to an external log collector (stream mode has been configured for log files), a message appears indicating that event mode must be configured to view policy logs. Keep in mind that reverting to event mode will discontinue event logging to the external log collector.
- To reset the mode option to event, use the set security log command in the CLI.
- Enter one or more search fields in the View Policy Log pane and click Search to display events matching your criteria.
For example, enter the event type Session Close and the policy pol1 to display event details from all Session Close logs that contain the specified policy. To reduce search results further, add more criteria about the particular event or group of events that you want displayed.
The Policy Events Detail pane displays information from each matching session log. Table 133 explains the contents of this pane.
Table 132: View Policy Log Fields
Field | Value |
---|---|
Log file name | Name of the event log files to search. |
Policy name | Name of the policy of the events to be retrieved. |
Source address | Source address of the traffic that triggered the event. |
Destination address | Destination address of the traffic that triggered the event. |
Event type | The type of event that was triggered by the traffic. |
Application | Application of the traffic that triggered the event. |
Source port | Source port of the traffic that triggered the event. |
Destination port | Destination port of the traffic that triggered the event. |
Source zone | Source zone of the traffic that triggered the event. |
Destination zone | Destination zone of the traffic that triggered the event. |
Source NAT rule | The source NAT rule of the traffic that triggered the event. |
Destination NAT rule | The destination NAT rule of the traffic that triggered the event. |
Table 133: Policy Events Detail Fields
Field | Value |
---|---|
Timestamp | The time when the event occurred. |
Policy name | The policy that triggered the event. |
Record type | The type of event log providing the data. |
Source IP/Port | Source address (and port, if applicable) of the event traffic. |
Destination IP/Port | Destination address (and port, if applicable) of the event traffic. |
Service name | Service name of the event traffic. |
NAT source IP/Port | NAT source address (and port, if applicable) of the event traffic. |
NAT destination IP/Port | NAT destination address (and port, if applicable) of the event traffic. |
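The narrowing search described for the View Policy Log pane (event type Session Close plus policy pol1, then more criteria) can be reproduced offline against exported records. The following is an added example, not Juniper code: the record layout, the sample rows, the function names, and CIDR matching on address fields are all assumptions of this sketch, and only the field names come from Table 132.

```python
import ipaddress

# Field names mirror Table 132; the record layout itself is an assumption of this
# example, not the on-device log format.
FIELDS = ("timestamp", "event_type", "policy_name", "source_address", "source_port",
          "destination_address", "destination_port", "source_zone", "destination_zone")

# Constructed sample session-log records (documentation address ranges).
ROWS = [
    ("2024-05-01 10:00:01", "Session Create", "pol1", "192.0.2.10", 51234, "198.51.100.5", 443, "trust", "untrust"),
    ("2024-05-01 10:00:09", "Session Close", "pol1", "192.0.2.10", 51234, "198.51.100.5", 443, "trust", "untrust"),
    ("2024-05-01 10:02:30", "Session Close", "pol2", "192.0.2.11", 40222, "198.51.100.9", 22, "trust", "dmz"),
    ("2024-05-01 10:03:12", "Session Close", "pol1", "192.0.2.77", 40900, "203.0.113.20", 53, "trust", "untrust"),
    ("2024-05-01 10:04:00", "Session Deny", "pol3", "203.0.113.50", 6000, "192.0.2.10", 3389, "untrust", "trust"),
]
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in ROWS]


def _matches(field, wanted, actual):
    """Compare one search criterion against one record value."""
    if field.endswith("_address"):
        # Accepting a CIDR prefix is a convenience of this example only.
        return ipaddress.ip_address(actual) in ipaddress.ip_network(wanted, strict=False)
    if isinstance(actual, int):
        return int(wanted) == actual
    return str(wanted).casefold() == actual.casefold()


def search_policy_log(events, **criteria):
    """Return events matching every criterion (criteria are ANDed)."""
    unknown = set(criteria) - set(FIELDS)
    if unknown:
        raise ValueError(f"unknown search field(s): {sorted(unknown)}")
    return [e for e in events
            if all(_matches(f, w, e[f]) for f, w in criteria.items())]


if __name__ == "__main__":
    broad = search_policy_log(SAMPLE_EVENTS, event_type="Session Close", policy_name="pol1")
    narrow = search_policy_log(SAMPLE_EVENTS, event_type="Session Close",
                               policy_name="pol1", destination_port=443)
    print(len(broad), "->", len(narrow))
    for event in narrow:
        print(event["timestamp"], event["source_address"], "->", event["destination_address"])
```

Rejecting unknown field names keeps a mistyped criterion from silently matching everything, which matters when the result set feeds an incident timeline.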