Creating Per-Session Views; Table 101: Log Viewer Columns - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide
760
column, and the destination IP address of an attack appears in the destination address
column.
Alarms—To quickly access log entries generated by a policy rule that contains an alarm,
create a view that filters on the alarm column. This method is useful when you are
fine-tuning policies to distinguish between genuine attacks and false positives.
Devices—To manage devices in multiple locations that use different investigation
processes, create a separate view for each device at a specific location.
You can create and save custom views using one of the following methods:
Create New View—In the navigation tree, select the Log Viewer module. From the File
menu, select New View. In the New View dialog box, enter a name for the custom view,
enter a name for the folder that you want to save the view in, and click OK. The new
view is displayed in the navigation tree in the folder specified. By default, all new views
are saved in the Others folder. In the main display area, you can then set the desired
filters for the log entries.
Set Filters—In the Log Viewer main display area, set the desired filters for the view.
From the File menu, select Save As. In the New View dialog box, enter a name for the
custom view, enter a name for the folder that you want to save the view in, and click
OK. The new view is displayed in the navigation tree in the folder specified.

Creating Per-Session Views

Log views that you create on the fly, also called "transient" views, (views set from filters
defined in the Report Manager), appear in the Drill Down folder under Log Viewer. These
views remain in this folder until you log out of the UI.
Log Viewer Columns
The Log Viewer contains the columns in Table 101 on page 760. When filtering by column,
the filter affects all log entries.

Table 101: Log Viewer Columns

Column Default
Log ID Default
Time Received Default
Alert Default
User Flag Default
Src Addr No
Dst Addr Default
Meaning
The unique identifier ID for the log entry. The log ID comprises
both a date and an incrementing integer.
The date and the time that the Log Viewer received the log
entry.
Indicates whether an alert flag was generated in response to
the event that generated the log entry.
The UI assignable flag associated with the current log.
The source address of the packet that generated the log.
The destination device to which the packet associated with
the log entry was targeted.
Copyright © 2010, Juniper Networks, Inc.