Table of Contents
Advertisement
Zoom Details
Copyright © 2010, Juniper Networks, Inc.
You can zoom in on specific details about activity between two data types. You can
select a third data type for comparison, or display details about the event over time. To
get details, right-click a cell, row, or column and select Zoom in to see the list of available
data types. Because the Zoom in menu is dynamic, it contains all data types not currently
used for the Left or Top Axis of the Log Investigator matrix. Alternatively, you can select
time as the third data type.
Details appear in the Zoom area, which contains two panes:
The Zoom table (left pane)
The Zoom chart (right pane)
The table and chart use the same information to generate values.
In the following example, the Left Axis is set to Top Sources and the Top Axis is set to
Top Destination (these are the default settings); the filter is set to attacks (for details
on setting the filter, see "Example: Setting Filters in the Log Investigator" on page 774).
To view the service ports on the destination device used by the attacks, right-click a cell
that contains a nonzero value and select Zoom In > Dst Port. In the Zoom area:
The left pane displays a table of service ports listed in descending order (the port
accessed by the most attacks is listed first). The left column lists the Destination Port
Number and the right column lists the number of attacks received by that port number.
Because services are mapped to specific port numbers, you can use the port number
to identify the service used in the attack.
The right pane displays a chart using the same information.
In the following example, the Left Axis is set to Top Sources and the Top Axis is set to
Top Destination (these are the default settings); the filter is set to attacks (for details
on setting the filter, see "Example: Setting Filters in the Log Investigator" on page 774).
To view the individual attacks (the attack subcategories) against the destination device,
right-click a cell that contains a nonzero value and select Zoom In > Subcategory. In the
Zoom area, the left pane displays a table of attack subcategories listed in descending
order (the attack found in the most number of log entries is listed first); the right pane
displays a chart using the same information.
In the following example, the Left Axis is set to Top Sources and the Top Axis is set to
Top Destination (these are the default settings); the filter is set to attacks (for details
on setting the filter, see the example "Example: Setting Filters in the Log Investigator"
on page 774).
To view the time period over which the attacks occurred, right-click a cell that has a
nonzero value and select Zoom In > Time. In the Zoom area, the left pane displays a
table of attacks listed in order (the oldest attack is listed first); the right pane displays a
chart using the same information.
Chapter 19: Logging
777
Advertisement
Table of Contents
