Table 107: Log Investigator Analysis; Using Cells - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

application server at the same time. You could eliminate the bottleneck by adding another
application server to the network or restricting access to the existing server.

Using Cells

Each cell in the Log Entry matrix represents events that occur at the intersection of two
data types. When selecting a cell, you are evaluating the events that occurred between
those two specific data types (source, destination, subcategory, or destination port)
during a specific time period. Typically, reviewing a cell in the matrix helps you analyze
all events that occur between a data type pair.

For example, to investigate a sudden drop in network performance, set the Left Axis to
Top Sources and the Top Axis to Top Destinations, then review the log entry matrix to
locate a large number for a location pair. You might identify that source A is sending an
unusually large number of transmissions to destination 1. This activity could be a harmless
event, such as an employee archiving multiple large files before leaving work; however,
this activity might be the result of a denial-of-service attack triggered by an internal
trojan. You probably need to get more details, such as destination ports used and attack
subcategories for the events before you can resolve the issue.

Table 107 on page 786 details the benefits of each type of Log Investigator analysis.

Table 107: Log Investigator Analysis

| Data Type A (Left Axis) | Data Type B (Top Axis) | Benefit |
|---|---|---|
| Multiple Rows | Multiple Columns | View all network activity for specific data types. No cells or columns are selected (default view). Useful for analyzing events for multiple data types, such as multiple destinations and multiple sources. To focus on a specific data type pair, select the intersection cell. |
| Multiple Rows | One Column | View network activity for a single data type. A single column is selected. Useful for analyzing network performance issues, such as multiple sources generating traffic to a single destination. |
| One Row | Multiple Columns | View network activity for a single data type. A single row is selected. Useful for analyzing attack traffic, such as one source generating traffic to multiple destinations. |
| One Row | One Column | View specific activity between two specific data types. A single cell is selected. Useful for analyzing event traffic between two network components. |
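
The drill-down described under Using Cells, as an added example (not part of the Juniper manual or NSM's own code): it builds a source-by-destination matrix from constructed log tuples, finds the busiest cell, and applies the row, column and cell selections from Table 107. The log tuple layout, field names, addresses and subcategory labels are assumptions made for the illustration.

```python
from collections import Counter

# Constructed sample log entries: (source, destination, dest_port, subcategory).
LOGS = (
    [("10.0.0.5", "192.168.1.10", 80, "flood")] * 40
    + [("10.0.0.5", "192.168.1.10", 443, "flood")] * 12
    + [("10.0.0.5", "192.168.1.20", 22, "scan")] * 3
    + [("10.0.0.7", "192.168.1.10", 80, "anomaly")] * 5
    + [("10.0.0.9", "192.168.1.30", 25, "anomaly")] * 2
)
FIELDS = {"source": 0, "destination": 1, "dest_port": 2, "subcategory": 3}

def top_values(logs, data_type, n):
    """Return the n most frequent values of one data type (an axis)."""
    idx = FIELDS[data_type]
    return [v for v, _ in Counter(e[idx] for e in logs).most_common(n)]

def build_matrix(logs, left, top, n=5):
    """Count events at each intersection of the top-n left/top axis values."""
    li, ti = FIELDS[left], FIELDS[top]
    rows, cols = top_values(logs, left, n), top_values(logs, top, n)
    counts = Counter((e[li], e[ti]) for e in logs)
    return rows, cols, {(r, c): counts[(r, c)] for r in rows for c in cols}

def select(logs, left, top, row=None, col=None):
    """Table 107 selections: one row, one column, or one cell (row and col)."""
    li, ti = FIELDS[left], FIELDS[top]
    return [e for e in logs
            if (row is None or e[li] == row) and (col is None or e[ti] == col)]

def busiest_cell(matrix):
    """Return ((row, col), count) for the cell with the most events."""
    return max(matrix.items(), key=lambda kv: kv[1])

def drill_down(logs, left, top, cell, detail):
    """Break one cell's events down by a further data type."""
    hits = select(logs, left, top, row=cell[0], col=cell[1])
    return Counter(e[FIELDS[detail]] for e in hits).most_common()

if __name__ == "__main__":
    rows, cols, matrix = build_matrix(LOGS, "source", "destination")
    for r in rows:  # print the matrix, one row per source
        print(r, [matrix[(r, c)] for c in cols])
    cell, count = busiest_cell(matrix)
    print("busiest cell:", cell, count)
    for detail in ("dest_port", "subcategory"):
        print(detail, drill_down(LOGS, "source", "destination", cell, detail))
```
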
Copyright © 2010, Juniper Networks, Inc.
