Viewing Logs - Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual


Network and Security Manager Administration Guide
Table 92: Log Entry Severity Levels for ScreenOS and IDP Devices (continued)

| NSM Severity | Severity | Description |
|---|---|---|
| Major | Critical | Log entries triggered when traffic matches a major severity attack object. Also includes log entries triggered by changes in the device function, such as high availability (HA) status changes. |
| Minor | Error | Log entries triggered when traffic matches a minor severity attack object. Also includes log entries triggered by errors in device function, such as a failure in antivirus scanning or in communicating with SSH servers. |
| Device_warning_log | Warning | Log entries triggered when traffic matches a warning severity attack object. Also includes log entries triggered by questionable device activity, such as a failure to connect to e-mail servers and authentication failures, timeouts, and successes. |
| Info | Notification | Log entries triggered when traffic matches an informational severity attack object. Also includes log entries triggered by normal events, such as device configuration changes. |
| Info | Information | Log entries triggered by general system operations such as when a device connects or disconnects. |
| Not Set | Other | No severity is set. |

NOTE: From NSM release 2008.1 onwards, critical and warning logs from ScreenOS
and IDP devices are displayed as Device_critical_log and Device_warning_log. If upgrading
from an earlier release, you may need to modify your action manager criteria to match
the new conventions.

Viewing Logs

NSM logging tools provide a high-level view of the activity on your network, enabling you
to view summaries as well as detailed information. You can choose to view log entries
for an event that occurs across domains (you must have the requisite permissions), as
well as for specific device groups, clusters, firewalls, and so on.
Because you collect log entries from multiple devices, log analysis, log volume, and log
management are important concerns. To control the amount of log data displayed on
screen, use tools such as filters, flags, and custom views to help identify patterns and
isolate log entries from devices that appear to be the source of problems. For further
investigation, use the Log Investigator tools to cross-tabulate source, destination, and
attacks. Based on your analysis, you can then edit the rules in your security policies to
modify how NSM handles your log entries.
NSM includes three primary logging modules:
Log Viewer—Presents complete, summarized, or detailed log-entry information in a
table format. You can view an individual log entry to analyze the raw log data, or use
Copyright © 2010, Juniper Networks, Inc.
