Figure 113: View Log Investigator Results; Investigating Log Entry Data; Using Rows And Columns - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual


Copyright © 2010, Juniper Networks, Inc.

1. From the View menu, select Set Filter to display the Filter Summary dialog box.
2. In the filter list on the left, select Category, then select the following categories on
the right: Predefined, Custom, and Screen.
3. Click OK to save and apply your changes.

To view the number of attacks between a specific source-destination pair, locate the
Source Address 63.172.115.190 and Destination Address 63.172.115.6, then find the cell
where the two addresses intersect. The Log Investigator displays 140 log entries for this
Source-Destination pair, as shown in Figure 113 on page 759.

Figure 113: View Log Investigator Results

This high value (140) reflects the number of attack log entries that have occurred between
these two IP addresses.

Investigating Log Entry Data

After you have configured the Log Investigator options and set filters as desired, you are
ready to begin investigating your log entry data.

Using Rows and Columns

Each row or column in the Log Entry matrix represents events for a single data type. When
selecting a row or column, you are evaluating how the data type (source, destination,
subcategory, or destination port) for that axis relates to the other axis during a specific
time period. Typically, reviewing a row or column in the matrix helps you analyze all events
for a single data type.
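
The following is an added example, not code from the Juniper manual or from NSM: it rebuilds the source-by-destination matrix from constructed log entries, applies the Predefined/Custom/Screen category filter, and reads out one destination column. The function names, the "Info" category label, and every sample row other than the 63.172.115.190 to 63.172.115.6 pair with its count of 140 are assumptions made for illustration.

```python
from collections import Counter

# Categories selected in the filter steps on this page.
ATTACK_CATEGORIES = {"Predefined", "Custom", "Screen"}

def build_matrix(entries, categories=ATTACK_CATEGORIES):
    """Count entries per (source, destination) cell, keeping only filtered categories."""
    matrix = Counter()
    for src, dst, category in entries:
        if category in categories:
            matrix[(src, dst)] += 1
    return matrix

def top_values(matrix, axis, n):
    """Rank one axis (0 = source, 1 = destination) by total events, busiest first."""
    totals = Counter()
    for cell, count in matrix.items():
        totals[cell[axis]] += count
    return [value for value, _ in totals.most_common(n)]

def column(matrix, dst):
    """Read one destination column: every source with events to dst, busiest first."""
    cells = [(src, count) for (src, d), count in matrix.items() if d == dst]
    return sorted(cells, key=lambda c: (-c[1], c[0]))

# Constructed sample entries (source, destination, category). The first pair and
# its count of 140 mirror the page's example; all other rows are invented.
SAMPLE = (
    [("63.172.115.190", "63.172.115.6", "Predefined")] * 140
    + [("192.0.2.10", "63.172.115.6", "Screen")] * 35
    + [("192.0.2.11", "63.172.115.6", "Custom")] * 12
    + [("192.0.2.10", "198.51.100.7", "Predefined")] * 4
    # Hypothetical non-attack category; the filter must exclude these rows.
    + [("63.172.115.190", "63.172.115.6", "Info")] * 500
)

if __name__ == "__main__":
    m = build_matrix(SAMPLE)
    print("cell:", m[("63.172.115.190", "63.172.115.6")])
    print("top destinations:", top_values(m, 1, 2))
    for src, count in column(m, "63.172.115.6"):
        print(f"{src:>16} -> 63.172.115.6  {count}")
```

Without the category filter the same cell would count 640 entries, which is why the filter is set before the matrix is read.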
For example, to investigate a sudden drop in performance on a specific destination, set
the Left Axis to Top Sources and the Top Axis to Top Destinations, then select the column
for the destination IP address. For each cell that displays a high number of events received
by that destination, locate the corresponding source IP address. You might determine
that destination 1 is receiving a large number of events from sources A, B, and C. This
activity could be a harmless event, such as multiple users attempting to contact a single

Chapter 18: Logging
