Table of Contents
Advertisement
Device Limitations for Viewing Logs
Configuring the Device for Logging
Copyright © 2010, Juniper Networks, Inc.
filters to view a subset of log entries. You can also use column settings and flags to
control how the UI presents log information. The Log Viewer displays each log entry
as it enters the database in realtime, displaying its fields in the Log Viewer. For details,
see "Using the Log Viewer" on page 746.
Log Investigator—Enables you to correlate log data. The Log Investigator is an
exploratory data analysis tool that cross-tabulates on two dimensions. Log entries are
linked to the Log Viewer, to help you perform an interactive analysis. For details, see
"Using the Log Investigator" on page 768.
Audit Log Viewer—Tracks administrative changes made to a managed device by an
NSM administrator. Log-entry details include the administrator that performed the
change, when the change occurred, and the job results. For details, see "Using the Audit
Log Viewer" on page 778.
For J Series devices running Junos 9.0 software and later versions, only partial structured
syslogs are generated for logs. For these devices, all the non-structured log information
is captured in the Details column and specifies "Self" for the Category and SubCategory
columns in Log Viewer. Consequently, the following limitations apply for these devices:
The Jump to Policy feature is not supported.
Log Investigator analysis can only be applied to those partially structured syslogs that
provide the source address and destination address in related columns.
Log Viewer provides only limited support.
Before your managed device can generate log entries or log data, you must configure
your devices and the NSM system for logging. You can configure an individual device to
generate attack, alarm, configuration, information, and self log entries for specific
destinations.
To view log entries and log data in the NSM UI, you must configure the individual device
to generate log information for NSM, and enable one or more severity settings for NSM.
However, you are not required to configure the settings for other destinations if you do
not use those destinations for log management.
At the device level, you can configure how and where the device sends its log entries. For
each destination, you can define:
The category of log entries you want the device to generate and forward to a specific
destination
The severity of log entries you want the device to forward to a specific destination
The severity setting applies to all log types for that destination. For example, if traffic log
entries are enabled for , but the severity setting specifies critical and major severities,
receives only critical and major traffic logs; all other severity traffic log entries are
Chapter 19: Logging
733
Advertisement
Table of Contents
