Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] NetScreen-Remote Security Client Traffic and Packet Log

0

0

Article ID: KB4269 KB Last Updated: 04 Jun 2010Version: 6.0
Summary:

NetScreen-Remote Security Client Traffic and Packet Log

Symptoms:


 

Solution:
The following tables provide descriptions of the information recorded in NetScreen-Remote Security Client logs. There are two different views (Local and Source) available for the Security, Traffic, and Packet Logs, providing different angles on the information in logged events. These views are recorded in separate tables. The System Log offers only the Local view.

note: This articles refers to the NetScreen-Remote Security Client only, and not the NetScreen-Remote VPN Client.

Security Log - Remote Host

Column Heading

What the Info Means

Time

The exact date and time that the event was logged.

Security Type

Type of hacking attempt, such as Port Scan, Denial of Service, Trojan horse, etc.

Severity

One of three levels - Critical, Major, and Minor.

Direction

Incoming or Outgoing - most attacks are Incoming, that is, they are originating from another computer and are attempting to enter yours. Other attacks, however, like Trojan horses, are programs that you might download onto your computer that then attack from within your computer, and are considered Outgoing.

Protocol

The type of protocol used in the attempted attack - TCP, UDP, ICMP.

Remote Host

Name of the computer from which the traffic was sent.

Local IP

The IP address of the machine being attacked - this is most likely your machine.

Application Involved

This column provides the name and path of the application involved in the log event.

Count

Number of attacks logged.

Begin Time

The time that the attack attempt began.

End Time

The time that the attack attempt ended.


 

Security Log - Destination Host

Column Heading

What the Info Means

Time

The exact date and time that the event was logged.

Security Type

Type of hacking attempt, such as Port Scan, Denial of Service, Trojan horse, etc.

Severity

One of three levels - Critical, Major, and Minor.

Direction

Incoming or Outgoing - most attacks are Incoming, that is, they are originating from another computer and are attempting to enter yours. Other attacks, however, like Trojan horses, are programs that you might download onto your computer that then attack from within your computer, and are considered Outgoing.

Protocol

The type of protocol used in the attempted attack - TCP, UDP, ICMP.

Destination Host

Name of the computer that the traffic was sent to - most likely your computer.

Source IP

The IP address of the attempted attack source.

Application Involved

This column provides the name and path of the application involved in the log event.

Count

Number of attacks logged.

Begin Time

The time that the attack attempt began.

End Time

The time that the attack attempt ended.


System Log

Column Heading

What the Info Means

Time

The exact date and time that the event was logged.

Type

The type of event - this will be an Error, Warning, or Information. An Error log indicates a problem with the source, a Warning log indicates a potential problem, and an Information log merely provides information on an event involving NetScreen-Remote Security Client.

ID

The ID assigned to the event by NetScreen-Remote Security Client.

Summary

Brief explanation of the logged event.


Traffic Log - Remote Host

Column Heading

What the Info Means

Time

The exact date and time that the event was logged.

Action

Action taken by NetScreen-Remote Security Client: Blocked or Allowed.

Protocol

Type of protocol - UDP, TCP, ICMP.

Direction

Which way the traffic was moving: into your computer (Incoming) or out of your computer (Outgoing).

Remote Host

The IP address of the remote machine involved in the traffic (either sending or receiving the traffic).

Remote Port/ICMP Type

Port/ICMP type used by application.

Local IP

Your IP address.

Local Port/ICMP Code

Port/ICMP code used on your computer for this traffic.

Application Involved

This column provides the name and path of the application involved in the security attack.

Count

Number of events that occurred in this period.

Begin Time

The beginning time of the event.

End Time

The time the event ended.

Rule Name

The rule that determined the passing or blockage of this traffic. If you were blocking certain applications, this column might read "Block_All". If NetScreen-Remote Security Client is running at the Normal security level, this might read "Ask all running apps".


Traffic Log - Destination Host

Column Heading

What the Info Means

Time

The exact date and time that the event was logged.

Action

Action taken by NetScreen-Remote Security Client: Blocked or Allowed.

Protocol

Type of protocol - UDP, TCP, ICMP.

Direction

Which way the traffic was moving: into your computer (Incoming) or out of your computer (Outgoing).

Destination Host

The IP address of the machine TO which the traffic was sent.

Destination Port/ICMP Type

The Port or ICMP type TO which the traffic was sent.

Source IP

The IP address of the machine FROM which the traffic was sent.

Source Port/ICMP Code

The Port or ICMP type FROM which the traffic was sent.

Application Involved

This column provides the name and path of the application involved in the security attack.

Count

Number of events that occurred in this period.

Begin Time

The beginning time of the event.

End Time

The time the event ended.

Rule Name

The rule that determined the passing or blockage of this traffic. If you were blocking certain applications, this column might read, "Block_All". If NetScreen-Remote Security Client is running at the Normal security level, this might read "Ask all running apps".


Packet Log - Remote Host

Column Heading

What this Info Means

Time

The exact date and time that the event was logged.

Remote IP

The IP address of the sender or recipient of the data being logged.

Remote Host Name

The name of the host computer.

Remote Port

The virtual port being used for this data.

Local IP

Your IP address.

Local Port

The port being accessed for this data.


 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search