Using the Log Investigator
The Log Investigator module enables you to investigate patterns and trends on your
network using data gathered from your log entries. Log entries are generated by a security
device when traffic matches a security policy rule, or when an event occurs that matches
a predefined set of conditions. The Log Investigator uses the event data recorded in the
log entry to identify the destination IP addresses and ports that are attacked most
frequently, the services that are used to attack most frequently, and the source IP
addresses that most frequently generate attacks.
When using NSM to manage large networks with multiple managed devices, you can
potentially receive several hundred log entries in a single day (depending on how you
have configured your devices for logging). The Log Investigator is a helpful tool for
manipulating and correlating a large volume of log entry data so you can identify and
analyze important activity that might threaten your network. By analyzing your data and
then using that knowledge to proactively fine-tune your security policies, you can decrease
risk while increasing security.
This section provides details on the following Log Investigator functionality:
•
“About the Log Investigator UI” on page 779—The Log Investigator main display area
includes a filter summary, a log entry matrix, and two detail panes that display detail
information in table and chart format.
•
“Configuring Log Investigator Options” on page 780—Configure the criteria the Log
Investigator uses to create the matrix, including the time period, Left and Top Axes
settings, the data point count (the number of data points the Log Investigator must
collect before displaying data), and the maximum number of log entries you want the
Log Investigator to use when collecting data.
•
“Setting Log Investigator Filters” on page 783—As in the Log Viewer, you can set filters
on log entry data so the Log Investigator displays only the information you want to see.
Apply multiple filters to data for all log entry columns found in the Log Viewer.
•
“Investigating Log Entry Data” on page 785—After you have configured the Log
Investigator filters, time period, and data options, you are ready to begin investigating
your log entry information. Within any cell the Log Investigator table, you can right-click
and select an option to view specific details, including Destination Ports, Subcategories,
and Time Period.
•
“Zoom Details” on page 787—You can zoom in on specific details about activity between
two data types, select a third data type for comparison, or display details about the
event over time.
•
“Jumping to the Log Viewer” on page 788—You can use the Log Viewer to see the
corresponding log entries that are used in Log Investigator calculations
•
“Excluding Data” on page 788—You can configure the Log Investigator to exclude data
for a cell, row, or column in the Log Investigator matrix.
Copyright © 2010, Juniper Networks, Inc.
778
Network and Security Manager Administration Guide
Summary of Contents for NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
Page 6: ...Copyright 2010 Juniper Networks Inc vi...
Page 36: ...Copyright 2010 Juniper Networks Inc xxxvi Network and Security Manager Administration Guide...
Page 52: ...Copyright 2010 Juniper Networks Inc 2 Network and Security Manager Administration Guide...
Page 90: ...Copyright 2010 Juniper Networks Inc 40 Network and Security Manager Administration Guide...
Page 146: ...Copyright 2010 Juniper Networks Inc 96 Network and Security Manager Administration Guide...
Page 236: ...Copyright 2010 Juniper Networks Inc 186 Network and Security Manager Administration Guide...
Page 292: ...Copyright 2010 Juniper Networks Inc 242 Network and Security Manager Administration Guide...
Page 314: ...Copyright 2010 Juniper Networks Inc 264 Network and Security Manager Administration Guide...
Page 368: ...Copyright 2010 Juniper Networks Inc 318 Network and Security Manager Administration Guide...
Page 370: ...Copyright 2010 Juniper Networks Inc 320 Network and Security Manager Administration Guide...
Page 484: ...Copyright 2010 Juniper Networks Inc 434 Network and Security Manager Administration Guide...
Page 584: ...Copyright 2010 Juniper Networks Inc 534 Network and Security Manager Administration Guide...
Page 588: ...Copyright 2010 Juniper Networks Inc 538 Network and Security Manager Administration Guide...
Page 600: ...Copyright 2010 Juniper Networks Inc 550 Network and Security Manager Administration Guide...
Page 678: ...Copyright 2010 Juniper Networks Inc 628 Network and Security Manager Administration Guide...
Page 694: ...Copyright 2010 Juniper Networks Inc 644 Network and Security Manager Administration Guide...
Page 700: ...Copyright 2010 Juniper Networks Inc 650 Network and Security Manager Administration Guide...
Page 706: ...Copyright 2010 Juniper Networks Inc 656 Network and Security Manager Administration Guide...
Page 708: ...Copyright 2010 Juniper Networks Inc 658 Network and Security Manager Administration Guide...
Page 758: ...Copyright 2010 Juniper Networks Inc 708 Network and Security Manager Administration Guide...
Page 788: ...Copyright 2010 Juniper Networks Inc 738 Network and Security Manager Administration Guide...
Page 882: ...Copyright 2010 Juniper Networks Inc 832 Network and Security Manager Administration Guide...
Page 908: ...Copyright 2010 Juniper Networks Inc 858 Network and Security Manager Administration Guide...
Page 918: ...Copyright 2010 Juniper Networks Inc 868 Network and Security Manager Administration Guide...
Page 920: ...Copyright 2010 Juniper Networks Inc 870 Network and Security Manager Administration Guide...
Page 1005: ...PART 6 Index Index on page 957 955 Copyright 2010 Juniper Networks Inc...
Page 1006: ...Copyright 2010 Juniper Networks Inc 956 Network and Security Manager Administration Guide...