Table 100: Predefined Log Views; Creating Custom Views And Folders - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual

Copyright © 2010, Juniper Networks, Inc.
Table 100 on page 759 lists and describes the Predefined log views.

Table 100: Predefined Log Views

| Log Type | Displays all logs filtered by |
|---|---|
| Critical | Severity—Critical |
| Alarm | Category—Alarm |
| IDP/DI | Category—Custom, Predefined |
| Screen | Category—Screen |
| Traffic | Category—Traffic |
| Info | Category—Info |
| Config | Category—Config |
| Self | Category—Self |
| Backdoor | Subcategory—Backdoor Detected (Traffic), Backdoor Dropped (Traffic) |
| PolicyLogViewer | Policy, Rule #, Rule Domain, Rule Domain Ver, Rulebase |
| Profiler | Category—Profiler |
| Scans | Subcategory—Distributed Port Scan, Distributed Port Scan in Progress, ICMP Sweep, ICMP Sweep In Progress, Network Scan, Network Scan In Progress, TCP Port Scan, TCP Port Scan In Progress, TSIG Session Rate Exceeded, UDP Port Scan, UDP Port Scan In Progress |

Creating Custom Views and Folders

A custom view enables you to organize log entries in a format that is most helpful to you.
Because the custom view is based on filters, incoming log entries that match the filter
criteria are automatically displayed in the view. You do not need to reapply the view to
new logs.

You might want to create views to help manage the following situations:

Workflow—To help a team of security administrators work together to investigate and
resolve incidents, create a view that filters on the flag column of the Log Viewer to
indicate the status of each log entry and assignment.

Attackers—To track the activities of a known attacker, create a view that filters on a
specific source IP. The source IP address of an attack appears in the source address

Chapter 19: Logging