Monitoring Security Events by Policy
Purpose
Monitor security events by policy and display logged event details with the J-Web user interface.
Action
- Select Monitor>Events and Alarms>Security Events in the J-Web user interface. The View Policy Log pane appears. Table 197 describes the content of this pane.
Table 197: View Policy Log Fields
Field | Value |
---|---|
Log file name | Name of the event log files to search. |
Policy name | Name of the policy of the events to be retrieved. |
Source address | Source address of the traffic that triggered the event. |
Destination address | Destination address of the traffic that triggered the event. |
Event type | Type of event that was triggered by the traffic. |
Application | Application of the traffic that triggered the event. |
Source port | Source port of the traffic that triggered the event. |
Destination port | Destination port of the traffic that triggered the event. |
Source zone | Source zone of the traffic that triggered the event. |
Destination zone | Destination zone of the traffic that triggered the event. |
Source NAT rule | Source NAT rule of the traffic that triggered the event. |
Destination NAT rule | Destination NAT rule of the traffic that triggered the event. |
Is global policy | Specifies that the policy is a global policy. |
If your device is not configured to store session log files locally, the Create log configuration button is displayed in the lower-right portion of the View Policy Log pane.
- To store session log files locally, click Create log configuration.
If session logs are being sent to an external log collector (stream mode has been configured for log files), a message appears indicating that event mode must be configured to view policy logs.
Reverting to event mode will discontinue event logging to the external log collector.
- To reset the mode option to event, enter the set security log command.
- Enter one or more search fields in the View Policy Log pane and click Search to display events matching your criteria.
For example, enter the event type Session Close and the policy pol1 to display event details from all Session Close logs that contain the specified policy. To reduce search results further, add more criteria about the particular event or group of events that you want displayed.
The Policy Events Detail pane displays information from each matching session log. Table 198 describes the contents of this pane.
Table 198: Policy Events Detail Fields
Field | Value |
---|---|
Timestamp | Time when the event occurred. |
Policy name | Policy that triggered the event. |
Record type | Type of event log providing the data. |
Source IP/Port | Source address (and port, if applicable) of the event traffic. |
Destination IP/Port | Destination address (and port, if applicable) of the event traffic. |
Service name | Service name of the event traffic. |
NAT source IP/Port | NAT source address (and port, if applicable) of the event traffic. |
NAT destination IP/Port | NAT destination address (and port, if applicable) of the event traffic. |
Related Documentation
- Monitoring Overview
- Monitoring Interfaces
- Monitoring Alarms
- Monitoring Events
- Junos OS Interfaces Library for Security Devices