Supported Platforms
Related Documentation
- J, LN, SRX Series
- Monitoring Overview
- Monitoring Interfaces
- Additional Information
- Junos OS Interfaces Library for Security Devices
Monitoring Reports
On-box reporting offers a comprehensive reporting facility where your security management team can spot a security event when it occurs, immediately access and review pertinent details about the event, and quickly decide appropriate remedial action. The J-Web reporting feature provides one- or two-page reports that are equivalent to a compilation of numerous log entries.
This section contains the following topics:
- Threats Monitoring Report
- Traffic Monitoring Report
Threats Monitoring Report
Purpose
Use the Threats Report to monitor general statistics and activity reports of current threats to the network. You can analyze logging data for threat type, source and destination details, and threat frequency information. The report calculates, displays, and refreshes the statistics, providing graphic presentations of the current state of the network.
Action
To view the Threats Report:
- Click Threats Report in the bottom right of the Dashboard, or select Monitor>Reports>Threats in the J-Web user interface. The Threats Report appears.
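- Select one of the following tabs:
  - Statistics tab. See Table 1 for a description of the tab output.
  - Activities tab. See Table 2 for a description of the tab output.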
Table 1: Statistics Tab Output in the Threats Report
Field | Description |
---|---|
General Statistics Pane | |
Threat Category | One of the following categories of threats: |
Severity | Severity level of the threat: |
Hits in past 24 hours | Number of threats encountered per category in the past 24 hours. |
Hits in current hour | Number of threats encountered per category in the last hour. |
Threat Counts in the Past 24 Hours | |
By Severity | Graph representing the number of threats received each hour for the past 24 hours sorted by severity level. |
By Category | Graph representing the number of threats received each hour for the past 24 hours sorted by category. |
X Axis | Twenty-four hour span with the current hour occupying the right-most column of the display. The graph shifts to the left every hour. |
Y Axis | Number of threats encountered. The axis automatically scales based on the number of threats encountered. |
Most Recent Threats | |
Threat Name | Names of the most recent threats. Depending on the threat category, you can click the threat name to go to a scan engine site for a threat description. |
Category | Category of each threat: |
Source IP/Port | Source IP address (and port number, if applicable) of the threat. |
Destination IP/Port | Destination IP address (and port number, if applicable) of the threat. |
Protocol | Protocol name of the threat. |
Description | Threat identification based on the category type: |
Action | Action taken in response to the threat. |
Hit Time | Time the threat occurred. |
Threat Trend in past 24 hours | |
Category | Pie chart graphic representing comparative threat counts by category: |
Web Filter Counters Summary | |
Category | Web filter count broken down by up to 39 subcategories. Clicking on the Web filter listing in the General Statistics pane opens the Web Filter Counters Summary pane. |
Hits in past 24 hours | Number of threats per subcategory in the last 24 hours. |
Hits in current hour | Number of threats per subcategory in the last hour. |
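As an added example (not Juniper code), this sketch recomputes the General Statistics counters and the 24 hourly graph columns described in Table 1 from a list of threat events, which is useful when cross-checking the report against exported logs. The event tuples, the category and severity labels, and the reading of "current hour" as the right-most hourly column are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events: (category, severity, hit time). The labels and
# tuple layout are assumptions for illustration, not a Junos log format.
SAMPLE_EVENTS = [
    ("virus", "high", datetime(2014, 12, 7, 14, 5)),
    ("virus", "high", datetime(2014, 12, 7, 13, 50)),
    ("spam", "low", datetime(2014, 12, 7, 14, 30)),
    ("web-filter", "medium", datetime(2014, 12, 6, 15, 10)),
    ("web-filter", "medium", datetime(2014, 12, 6, 14, 59)),  # before window
    ("spam", "low", datetime(2014, 12, 7, 15, 1)),            # after "now"
]

COLUMNS = 24  # one column per hour; the current hour is the right-most column


def threat_statistics(events, now):
    """Aggregate events into per-category counters and hourly graph series."""
    hour_start = now.replace(minute=0, second=0, microsecond=0)
    # Column 0 starts 23 hours before the start of the current hour, so the
    # whole window shifts left by one column each time the hour rolls over.
    window_start = hour_start - timedelta(hours=COLUMNS - 1)
    hits_24h, hits_hour = Counter(), Counter()
    by_severity, by_category = {}, {}
    for category, severity, hit_time in events:
        if not (window_start <= hit_time <= now):
            continue  # outside the displayed window
        col = (hit_time - window_start) // timedelta(hours=1)
        hits_24h[category] += 1
        if col == COLUMNS - 1:
            hits_hour[category] += 1
        by_severity.setdefault(severity, [0] * COLUMNS)[col] += 1
        by_category.setdefault(category, [0] * COLUMNS)[col] += 1
    return {
        "hits_24h": hits_24h,
        "hits_hour": hits_hour,
        "by_severity": by_severity,
        "by_category": by_category,
    }


if __name__ == "__main__":
    stats = threat_statistics(SAMPLE_EVENTS, datetime(2014, 12, 7, 14, 40))
    for category, total in sorted(stats["hits_24h"].items()):
        print(category, total, stats["hits_hour"][category])
```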
Table 2: Activities Tab Output in the Threats Report
Field | Function |
---|---|
Most Recent Virus Hits | |
Threat Name | Name of the virus threat. Viruses can be based on services, like Web, FTP, or e-mail, or based on severity level. |
Severity | Severity level of each threat: |
Source IP/Port | IP address (and port number, if applicable) of the source of the threat. |
Destination IP/Port | IP address (and port number, if applicable) of the destination of the threat. |
Protocol | Protocol name of the threat. |
Description | Threat identification based on the category type: |
Action | Action taken in response to the threat. |
Last Hit Time | Last time the threat occurred. |
Most Recent Spam E-Mail Senders | |
From e-mail | E-mail address that was the source of the spam. |
Severity | Severity level of the threat: |
Source IP | IP address of the source of the threat. |
Action | Action taken in response to the threat. |
Last Send Time | Last time that the spam e-mail was sent. |
Recently Blocked URL Requests | |
URL | URL request that was blocked. |
Source IP/Port | IP address (and port number, if applicable) of the source. |
Destination IP/Port | IP address (and port number, if applicable) of the destination. |
Hits in current hour | Number of threats encountered in the last hour. |
Most Recent IDP Attacks | |
Attack | |
Severity | Severity of each threat: |
Source IP/Port | IP address (and port number, if applicable) of the source. |
Destination IP/Port | IP address (and port number, if applicable) of the destination. |
Protocol | Protocol name of the threat. |
Action | Action taken in response to the threat. |
Last Send Time | Last time the IDP threat was sent. |
Traffic Monitoring Report
Purpose
Monitor network traffic by reviewing reports of flow sessions over the past 24 hours. You can analyze logging data for connection statistics and session usage by transport protocol.
Action
To view network traffic in the past 24 hours, select Monitor>Reports>Traffic in the J-Web user interface. See Table 3 for a description of the report.
Table 3: Traffic Report Output
Field | Description |
---|---|
Sessions in Past 24 Hours per Protocol | |
Protocol Name | Name of the protocol. To see hourly activity by protocol, click the protocol name and review the “Protocol activities chart” in the lower pane. |
Total Session | Total number of sessions for the protocol in the past 24 hours. |
Bytes In (KB) | Total number of incoming bytes in KB. |
Bytes Out (KB) | Total number of outgoing bytes in KB. |
Packets In | Total number of incoming packets. |
Packets Out | Total number of outgoing packets. |
Most Recently Closed Sessions | |
Source IP/Port | Source IP address (and port number, if applicable) of the closed session. |
Destination IP/Port | Destination IP address (and port number, if applicable) of the closed session. |
Protocol | Protocol of the closed session. |
Bytes In (KB) | Total number of incoming bytes in KB. |
Bytes Out (KB) | Total number of outgoing bytes in KB. |
Packets In | Total number of incoming packets. |
Packets Out | Total number of outgoing packets. |
Timestamp | The time the session was closed. |
Protocol Activities Chart | |
Bytes In/Out | Graphic representation of traffic as incoming and outgoing bytes per hour. The byte count is for the protocol selected in the Sessions in Past 24 Hours per Protocol pane. Changing the selection causes this chart to refresh immediately. |
Packets In/Out | Graphic representation of traffic as incoming and outgoing packets per hour. The packet count is for the protocol selected in the Sessions in Past 24 Hours per Protocol pane. Changing the selection causes this chart to refresh immediately. |
Sessions | Graphic representation of traffic as the number of sessions per hour. The session count is for the protocol selected in the Sessions in Past 24 Hours per Protocol pane. Changing the selection causes this chart to refresh immediately. |
X Axis | One hour per column for 24 hours. |
Y Axis | Byte, packet, or session count. |
Protocol Session Chart | |
Sessions by Protocol | Graphic representation of the traffic as the current session count per protocol. The protocols displayed are TCP, UDP, and ICMP. |
Published: 2014-12-07