Re: Best way to get JunOS logs into Splunk

craigallen · ‎04-29-2010

Hi,

I am new to Splunk and I am trying to workout the best way to get logs from JunOS based firewalls into Splunk. I am currently using Syslogh, but this isn't getting all the information I am after. Could someone advise the most reliable way of collecting the informaiton?

I am trying to get the logs from Juniper SRX firewalls.

I would also like to know how I could achieve change monitoring as well?

Many thanks

jeandez · ‎03-13-2014

i am using juniper ISG 2000, i am looking for splunk app, which can monitor my juniper logs. I tried severals apps for juniper, but i got nothing.
My juniper runs on junos.

Could you give me the requisite app, and the documentation ??

thank you

Simeon · ‎04-29-2010

I believe most of the Juniper firewalls are capable of sending syslog type output and they also write to log files. I know of multiple use cases where Juniper data is sent via a network input to Splunk. I see two options:

Leverage the log forwarding capability of the firewall and send it to Splunk via a network input (typically port 514 UDP or TCP, and make sure you specify syslog sourcetype)
If you can send the file to a directory on the Splunk system, you could use a basic file or directory monitoring input. You would also want to specify the syslog sourcetype in this configuration.

For more information on creating inputs:

http://www.splunk.com/base/Documentation/latest/Admin/WhatSplunkcanmonitor

Best way to get JunOS logs into Splunk

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases