Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Example - Configure on-box reporting in J-Web

0

0

Article ID: KB32479 KB Last Updated: 28 Mar 2020Version: 2.0
Summary:

Starting with Junos OS Release 15.1X49-D100, J-Web supports on-box reporting on the SRX. This article shows how to configure and use on-box reporting in J-Web.

Solution:

Notes:

  • In Junos OS Release 15.1X49-D90 and earlier, the event monitor function is available in event mode (Monitor-> Events and Alarms).
  • In Junos OS Release 15.1X49-D100 and later, J-Web has been enhanced to support on-box reporting which works in stream mode (Monitor > Events).

Below are the Techlibrary links for the each function. Please refer to them for more information.

mode (Security Log)
Understanding On-Box Logging and Reporting

 

Example:

Enabling on-box reporting in J-Web

  1. Login to the J-Web, and select Monitor > Events > All Events.

    On-box reporting is enabled by default when you load the factory-default configurations, but if the SRX was upgraded from 15.1X49-D90 or earlier, you need to configure the SRX to use this feature.

    When the feature is not enabled, the following page is displayed:

  2. On the Security Logging screen, do the following:

    Select Stream Mode for the Logging Type.

    Click Enable Traffic Logs to enable security logging. 

    If there is no Syslog server in your environment, you can still use on-box reporting without any Syslog server settings. If you have a Syslog server, add the Syslog sever.

    Click Apply.

  3. If there is no Syslog server setting, the following message will be reported for the notification.
    If it is OK to proceed, click Yes button and commit the configuration.


     

The CLI commands to enable the on-box reporting feature are:

  set security log mode stream
  set security log report

 

Displaying on-box reports

  1. Once the commit is done, select Monitor > Events > All Events.

    A summary of all events will be displayed.

    Clicking the "Attacks" link (highlighted in the red box above) displays the detail of the attacks:

    In the Events hierarchy, the individual functions can be selected for more details:


     

Important note about event mode logs:

Since the supported logging mode was changed from event mode to stream mode, J-Web will not display event mode logs, such as the messages log in the event monitor on 15.1X49-D100 and later. If it is necessary to get the event mode log through J-Web, do the following steps:

1. Select Administration > Devices > Files. and click Log Files.

2. Find a log file which you want to see from the list, and click Download to get the file.

Modification History:
2020-03-27: Article reviewed for accuracy; no changes required.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search