Table 88: Event-Generated Log Entries; About Log Entries; About Log Events - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

About Log Entries

Table 88: Event-Generated Log Entries

Events
Attack, Alarm, Other
VPN Events
Configuration,
Information, Self, Policy,
Traffic
Flow, Ethernet, Attack,
Policy
Protocol Distribution
714
It may be helpful to visualize log entries being sent or pushed from the device to the NSM
Device Server, which then pushes the log entries to the logging database. A UI module
(the Log Viewer or Report Manager) requests or pulls the log entries in the logging
database and displays the entries in the UI.
A managed device generates a log entry when an event matches the configured logging
conditions. The log entry, which contains details of the event, is sent to the NSM Device
Server and stored in the logging database. You can view log entries in the NSM UI.
In a single log entry, you can view detailed information about where traffic comes from
(the source address), where traffic goes (the destination address), and a description of
the event that triggered the log entry. You can also view summarized information about
events and alarms for multiple log entries. This data can help you analyze log entries and
determine the effectiveness of your current security policies and device configurations.

About Log Events

Managed devices generate log entries based on events. Typically, devices generate log
entries when:
An event matches a rule in which logging is enabled. When you configure a rule for
logging, the device creates a log entry for each event that matches that rule.
An event matches a predefined set of conditions configured on a managed device or
the management system.
Some events generate log entries that appear in the Log Viewer, while others appear in
the Realtime Monitor. Table 88 on page 714 details event-generated log entries.
Description
Generates log entries for events related to network activity on the device
that violates a set threshold.
Generates log entries for events related to VPN tunnels. These log entries
are used to produce statistical information for monitoring.
Generates log entries for events related to device configuration, NSM
configuration, security policy rules, and traffic activity on the managed
device.
Generates log entries for events related to packet flow, Ethernet objects,
network attacks, and security policy rules. These log entries are used to
produce statistical information for monitoring.
Generates log entries for events related to protocols used in network
activity. These log entries are used to produce statistical information for
monitoring.
Destination
Log Viewer
Realtime Monitor
>VPN Monitor
Log Viewer
Realtime Monitor
>Device Monitor
Realtime Monitor
>Device Monitor
Copyright © 2010, Juniper Networks, Inc.