Viewing Juniper Advanced Threat Prevention Cloud System Log Messages
The Junos OS generates system log messages (also called syslog
messages) to record events that occur on the SRX Series device. Each
system log message identifies the process that generated the message
and briefly describes the operation or error that occurred. Juniper
ATP Cloud logs are identified with a SRX_AAWM_ACTION_LOG or SRX AAMWD entry.
The following example configures basic syslog settings.
set groups global system syslog user * any emergency set groups global system syslog host log kernel info set groups global system syslog host log any notice set groups global system syslog host log pfe info set groups global system syslog host log interactive-commands any set groups global system syslog file messages kernel info set groups global system syslog file messages any any set groups global system syslog file messages authorization info set groups global system syslog file messages pfe info set groups global system syslog file messages archive world-readable
To view events in the CLI, enter the following command:
show log
Example Log Message
<14> 1 2013-12-14T16:06:59.134Z pinarello RT_AAMW - SRX_AAMW_ACTION_LOG [junos@xxx.x.x.x.x.28 http-host="www.mytest.com" file-category="executable" action="BLOCK" verdict-number="8" verdict-source=”cloud/blacklist/whitelist” source-address="x.x.x.1" source-port="57116" destination-address="x.x.x.1" destination-port="80" protocol-id="6" application="UNKNOWN" nested-application="UNKNOWN" policy-name="argon_policy" username="user1" session-id-32="50000002" source-zone-name="untrust" destination-zone-name="trust"] http-host=www.mytest.com file-category=executable action=BLOCK verdict-number=8 verdict-source=cloud source-address=x.x.x.1 source-port=57116 destination-address=x.x.x.1 destination-port=80 protocol-id=6 application=UNKNOWN nested-application=UNKNOWN policy-name=argon_policy username=user1 session-id-32=50000002 source-zone-name=untrust destination-zone-name=trust