Table of Contents
Advertisement
Network and Security Manager Administration Guide
Jumping to the Log Viewer
Excluding Data
Using the Audit Log Viewer
788
The Log Investigator uses log entry data for calculations, and does not display the actual
log entries. However, you can use the Log Viewer to see the log entries that are used in
Log Investigator calculations.
To see corresponding log entries, right-click a cell, row, or column from the Log Investigator
matrix or the Zoom table and select View in Log Viewer. A new UI window displays the
log entries in the Log Viewer.
You can manually configure the Log Investigator to exclude data for a cell, row, or column
in the Log Investigator matrix. You might want to exclude:
Irrelevant values (such as values from sources or destinations no longer in production)
Abnormally high or low values (to establish a baseline)
Specific data type (source, destination, destination port, subcategory)
High values (when investigating events that generate lower values)
To exclude a specific attack from the Log Investigator calculations, right-click the attack
cell and select Exclude. To help you keep track of excluded values, the Filter Summary
area displays a list of values you have manually excluded.
The Audit Log Viewer monitors administrative events that occur when a NSM administrator
makes changes to a domain. Use the Audit Log Viewer to track changes to your managed
device configurations. You can view audit-log entries for all managed devices in the all
domains you have access to, or you can view entries for the devices in a single domain.
When the disk space reaches the defined limits, old audit log entries are purged.
The Audit Log Viewer appears as one of the modules in the NSM UI. Select the Audit Log
Viewer to display the audit log entry table, device view, and target view, as shown in
Figure 114 on page 789.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
