
Monitor All Events


Use this page to view event details associated with session, content filtering, antispam, antivirus, IPS, screen, security intelligence, Web filtering, ATP, and VPN.

Note:

The All Events page is available on all SRX Series Firewalls except the SRX5000 line of devices.

Table 1 describes the fields on the All Events page.

Table 1: Fields on the All Events Page

Field

Description

Last

Select the time from the list to view the activity that you are most interested in. Once the time is selected, all of the data presented in your view is refreshed automatically.

You can also use Customize to set a custom date and click Apply to view the specified event logs.

Refresh

Click the refresh icon to get the latest event information.

Show Hide Columns

This icon is represented by three vertical dots.

Enables you to show or hide a column in the grid.

Export to CSV

You can export the event data to a comma-separated value (.csv) file.

Select the three vertical dots on the right side of the page and click Export to CSV. The CSV file is downloaded to your local machine. You can download a maximum of 100 events.

Filter Criteria

Use the filter text box above the table grid. Logical operators can be used as part of the filter string.

Note:

Starting in Junos OS Release 23.1R1, J-Web supports the following operators:

  • = (equal to)

  • AND

  • != (not equal to)

  • >= (greater than or equal to)

  • <= (less than or equal to)

  • Nested and/or

J-Web also supports netmasks when searching for IP addresses.

Hover over the icon in the filter text box to display an example filter condition. As you type a search string, the icon indicates whether the filter string is valid.

The following filters are available:

  • Source IP

  • Destination IP

  • Session ID

  • Log type

  • User

  • Application

  • Source Zone

  • Destination Zone

  • Source Country

  • Destination Country

  • Source Port

  • Destination Port

  • Protocol
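The rows above describe the filter syntax (=, !=, >=, <=, AND, nested and/or, and netmask matching for IP fields) and the CSV export, but the page does not show how such an expression is evaluated. The following is an added example, not Juniper's code: a small recursive-descent evaluator that applies a filter string of that shape to rows loaded from an exported CSV. It is useful, for instance, when re-applying a saved J-Web filter offline to a downloaded export. The exact token syntax J-Web accepts, the column headers, the log-type strings and the sample rows are all assumptions constructed for the example.

```python
"""Apply a J-Web-style filter expression to rows from an exported event CSV.

Added example (not Juniper's code). Assumed syntax, e.g.:
    Source IP = 10.1.1.0/24 AND (Destination Port >= 1024 OR Action != allow)
Column headers, log-type values and rows below are constructed, not a real export.
"""
import csv
import io
import ipaddress
import re

# Constructed sample resembling an "Export to CSV" download.
SAMPLE_CSV = """Time,Log Type,Source IP,Destination IP,Destination Port,Protocol,Action
2024-01-01T10:00:00,RT_FLOW_SESSION_CLOSE,10.1.1.5,198.51.100.7,443,6,allow
2024-01-01T10:00:05,RT_FLOW_SESSION_DENY,10.1.2.9,198.51.100.7,23,6,block
2024-01-01T10:00:09,RT_FLOW_SESSION_CLOSE,10.1.1.20,203.0.113.4,8080,6,allow
2024-01-01T10:00:12,IDP_ATTACK_LOG_EVENT,192.0.2.50,10.1.1.5,445,6,block
"""

# Columns on which a value containing "/" is treated as a network (netmask match).
IP_FIELDS = {"Source IP", "Destination IP", "NAT Source IP", "NAT Destination IP"}


def load_rows(text):
    """Parse exported CSV text into a list of dicts keyed by column header."""
    return list(csv.DictReader(io.StringIO(text)))


def tokenize(expr, fields):
    """Split a filter string into (kind, text) tokens. Field names may contain
    spaces, so known column names are matched longest-first before bare values.
    AND/OR are reserved words and cannot appear as bare values."""
    field_alt = "|".join(re.escape(f) for f in sorted(fields, key=len, reverse=True))
    pat = re.compile(r"\s*(?:(\()|(\))|(AND|OR)\b|(!=|>=|<=|=)|(" + field_alt + r")|([^\s()]+))",
                     re.IGNORECASE)
    kinds = ("LP", "RP", "BOOL", "OP", "FIELD", "VALUE")
    tokens, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        m = pat.match(expr, pos)
        if not m:
            raise ValueError(f"cannot tokenize at offset {pos}: {expr[pos:]!r}")
        tokens.append((kinds[m.lastindex - 1], m.group(m.lastindex)))
        pos = m.end()
    return tokens


def _compare(field, op, value, row):
    """Evaluate one comparison against a row; IP fields get netmask-aware equality."""
    actual = row.get(field, "")
    if field in IP_FIELDS and op in ("=", "!="):
        try:
            if "/" in value:
                hit = ipaddress.ip_address(actual) in ipaddress.ip_network(value, strict=False)
            else:
                hit = ipaddress.ip_address(actual) == ipaddress.ip_address(value)
        except ValueError:  # unparsable address on either side never matches
            hit = False
        return hit if op == "=" else not hit
    try:  # numeric comparison where both sides are numbers, else case-insensitive text
        a, b = float(actual), float(value)
    except ValueError:
        a, b = actual.lower(), value.lower()
    return {"=": a == b, "!=": a != b, ">=": a >= b, "<=": a <= b}[op]


class _Parser:
    """Recursive descent: OR binds loosest, AND tighter, parentheses nest."""

    def __init__(self, tokens, canon):
        self.toks, self.i, self.canon = tokens, 0, canon

    def peek(self, kind=None, text=None):
        if self.i >= len(self.toks):
            return None
        k, t = self.toks[self.i]
        return None if (kind and k != kind) or (text and t.upper() != text) else (k, t)

    def take(self, *kinds):
        tok = self.peek()
        if tok is None or tok[0] not in kinds:
            raise ValueError(f"expected {kinds} at token {self.i}, got {tok}")
        self.i += 1
        return tok

    def expr(self):
        pred = self.term()
        while self.peek("BOOL", "OR"):
            self.i += 1
            pred = (lambda a, b: lambda row: a(row) or b(row))(pred, self.term())
        return pred

    def term(self):
        pred = self.factor()
        while self.peek("BOOL", "AND"):
            self.i += 1
            pred = (lambda a, b: lambda row: a(row) and b(row))(pred, self.factor())
        return pred

    def factor(self):
        if self.peek("LP"):
            self.i += 1
            pred = self.expr()
            self.take("RP")
            return pred
        field = self.canon[self.take("FIELD")[1].lower()]
        op = self.take("OP")[1]
        value = self.take("VALUE", "FIELD")[1]  # a value may coincide with a column name
        return lambda row, f=field, o=op, v=value: _compare(f, o, v, row)


def compile_filter(expr, fields):
    """Turn a filter string into a predicate over rows; raises ValueError if invalid."""
    parser = _Parser(tokenize(expr, fields), {f.lower(): f for f in fields})
    pred = parser.expr()
    if parser.i != len(parser.toks):
        raise ValueError(f"unexpected trailing tokens from token {parser.i}")
    return pred


def is_valid_filter(expr, fields):
    """Mirror the validity indicator in the filter box: True if the string parses."""
    try:
        compile_filter(expr, fields)
        return True
    except ValueError:
        return False


def apply_filter(rows, expr):
    """Return the rows matching expr, using the CSV headers as the field set."""
    pred = compile_filter(expr, list(rows[0].keys()) if rows else [])
    return [r for r in rows if pred(r)]


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    query = "Source IP = 10.1.1.0/24 AND (Destination Port >= 1024 OR Action != allow)"
    for r in apply_filter(rows, query):
        print(r["Time"], r["Log Type"], r["Source IP"], r["Destination Port"])
```

Netmask matching is applied only to the IP columns listed in IP_FIELDS, so a "/" in any other value is compared as plain text; an incomplete expression such as one ending in AND is reported as invalid rather than silently matching nothing, which is the behaviour a practitioner wants before trusting a saved filter.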

X

Click X to clear your search filter.

Save Filter

Click Save Filter to save filters after you specify the filtering criteria.

To save a filter:

  1. Enter the filter criteria you are looking for in the advanced search box.

  2. Click Save Filter.

  3. Enter a name for the filter and click the tick icon to save it.

Load Filter

Displays the saved filters list.

Hover over the saved filter name to view the query expression. You can delete the saved filter using the delete icon.

View Details

When you hover over the PCAP file, a Detailed View icon appears before the PCAP file. Click the icon to view the log details on the Detailed Log View page.

Click the download icon on the Detailed Log View page to download the packet capture file. If the file is not available, the download fails and you receive an error message.

Note:

The download icon will only be available for the IPS attack logs and session close logs.

PCAP

Click the download icon to download the packet capture file.

The PCAP file is downloaded to your system from the /var/log/pcap/ folder. If the file is not available, the download fails and you receive an error message.

Note:

The download icon will only be available for the IPS attack logs and session close logs.

Time

Displays the time when the event log was received.

Log Type

Displays the event log type.

Source Zone

Displays the source zone of the event.

Source IP

Displays the source IP address from which the event originated.

Destination Zone

Displays the destination zone of the event.

Destination IP

Displays the destination IP address of the event.

Destination Port

Displays the destination port of the event.

Application

Displays the application name for which the event logs are generated.

Action

Displays the action taken for the event: warning, allow, or block.

Policy

Displays the destination country of the event log.

NAT Source IP

Displays the translated (or natted) source IP address. It can contain IPv4 or IPv6 addresses.

NAT Source Port

Displays the translated source port.

NAT Destination IP

Displays the translated (also called natted) destination IP address.

NAT Destination Port

Displays the translated destination port.

Protocol

Displays the protocol ID in the event log.

Session ID

Displays the traffic session ID of the event log.

User

Displays the username for which the event log was generated.

Source Interface

Displays the source interface of the event log.

Destination Interface

Displays the destination interface of the event log.

Closure Reason

Displays the reason for the log generation. For example, a connection teardown may have an associated reason such as authentication failed.

Packets From Client

Displays the number of packets received from the client.

Bytes From Client

Displays the number of bytes received from the client.

Packets From Server

Displays the number of packets received from the server.

Bytes From Server

Displays the number of bytes received from the server.

Elapsed Time

Displays the time elapsed since the last time interval began.

Source Port

Displays the port number of the source.

Sequence Number

Displays the sequence number of the packets sent.

Message Type

Displays the message type for the event detected.

Count

Displays the event count.

Severity

Displays the severity of the threat.

CVE-ID

Displays the Common Vulnerabilities and Exposures (CVE) identifier.

Packet log ID

Displays the ID of the packet log captured before and after the attack for further offline analysis of attacker behavior.

XFF

Displays the X-Forwarded-For (XFF) header added to packets by a proxy server that includes the real IP address of the client making the request.

Profile

Displays the event profile name.

File Name

Displays the filename of the event log.

Argument

Displays the arguments that are passed from the event log.

Message

Displays the message ID for negotiation.

Bandwidth

Displays the bandwidth utilization for the event log.

Malware Info

Displays the malware name or brief description.

Hostname

Displays the hostname of the device that downloaded the possible malware.

File Category

Displays the type of file. Examples: PDF, executable, document.

Verdict Number

Displays a score or threat level for the file.

List Hit

Displays the number of times the C&C server has attempted to contact hosts on your network.

File Hash Lookup

Displays the hash of the file sent for matching against known malware.

Sample SHA256

Displays the SHA-256 hash value of the downloaded file.

File Name

Displays the name of the file, including the extension.

URL

Displays the accessed URL name that triggered the event.

Send To

Displays the recipient email address.

Send From

Displays the sender email address.

Category

Displays the threat/event category.

Object

Displays the object name of the event log.

URL Category Risk

Displays the Web filtering URL category risk level.

Virus Name

Displays the detected virus name.

Source Name

Displays the name of the source from which the event originated.

Feed Name

Displays the feed name of the event detected.

Rule

Displays the rule name of the threats/events log.

Length

Displays the total packet length in bytes.

Type

Displays the event type.

Index

Displays the index number of the IKE SA.