Network and Security Manager Administration Guide
Using Log Viewer Integration
776
The Log Viewer module is integrated with Security Policies and Device Manager modules.
This integration enables you to jump from a log entry in the Log Viewer directly to the
responsible security policy (jump to policy) or managed device (jump to device
configuration).
Jump to Policy
To quickly edit a security policy rule from the Log Viewer, right-click a log entry and select
Goto Policy. NSM opens a new UI window and displays the policy with the rule that
generated the log entry.
If the responsible rule exists within a rule group, the group is automatically expanded
to reveal the rule.
If the responsible rule exists within a VPN created by VPN Manager, the autogenerated
rules appear.
Depending on the object version of the security policy, the rule might appear as read/write
or read-only.
"Object version" refers to a specific modeled configuration; each time you install a
modeled configuration (this includes security policies) on a managed device using NSM,
the management system creates a new object version using the install date and time.
NSM uses database snapshots to detect differences between the running configuration
(installed on the physical device) and modeled configuration. Database snapshots also
enable you to view previous object versions. For details on database snapshots, see
"Automatic Policy Versioning" on page 521.
Other options for archiving and restoring logs and configuration data are also available.
For more information, refer to the Network and Security Manager Installation Guide.
When using the Goto Policy option in the Log Viewer, NSM compares the object version
of the managed device to the current object version. If the responsible rule exists in a
security policy that has the same object version as the security policy installed on the
managed device, you can edit the rule.
However, if the responsible rule exists in a security policy that has a different object
version from the security policy installed on the managed device, you cannot edit the
rule. This typically occurs when you install a security policy on a managed device, then
edit that policy in the NSM UI, but do not update the device with the new policy changes.
Because the responsible rule exists in a policy that belongs to a previous object version,
you cannot make changes to it.
Jump to Device Configuration
To quickly configure a parameter on an individual device from the Log Viewer, double-click
a device in the Device column. NSM displays the device configuration for the device,
enabling you to make changes to the device.
Copyright © 2010, Juniper Networks, Inc.