Hi,
I am new to Splunk and I am trying to work out the best way to get logs from JunOS based firewalls into Splunk. I am currently using Syslogh, but this isn't getting all the information I am after. Could someone advise the most reliable way of collecting the information?
I am trying to get the logs from Juniper SRX firewalls.
I would also like to know how I could achieve change monitoring.
Many thanks
I am using a Juniper ISG 2000, and I am looking for a Splunk app which can monitor my Juniper logs. I tried several apps for Juniper, but I got nothing.
My Juniper runs on Junos.
Could you give me the requisite app, and the documentation?
Thank you
I believe most of the Juniper firewalls are capable of sending syslog-type output and they also write to log files. I know of multiple use cases where Juniper data is sent via a network input to Splunk. I see two options:
1. Leverage the log forwarding capability of the firewall and send it to Splunk via a network input (typically port 514 UDP or TCP, and make sure you specify the syslog sourcetype).
2. If you can send the file to a directory on the Splunk system, you could use a basic file or directory monitoring input. You would also want to specify the syslog sourcetype in this configuration.
For more information on creating inputs:
http://www.splunk.com/base/Documentation/latest/Admin/WhatSplunkcanmonitor
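The two options from the answer above, written out as a Splunk inputs.conf fragment; this is an added example, not configuration from the answer's author or from Splunk's documentation. The index name, the monitored directory layout and the Junos forwarding command shown in the comment are assumptions.

```ini
# Added example: $SPLUNK_HOME/etc/system/local/inputs.conf (or an app's local/inputs.conf).
# Firewall side (Junos, assumed): "set system syslog host <splunk-ip> any any"
# sends every facility/severity to the Splunk host on the default port 514.
# Note: binding a port below 1024 requires Splunk to run as root; otherwise
# pick a high port such as 5514 here and set the same port on the firewall.

# Option 1: network input - the firewall forwards syslog directly to Splunk.
# UDP is what most devices send; TCP is more reliable if the firewall supports it.
[udp://514]
sourcetype = syslog
# Take the host field from the sender's IP so each firewall is distinguishable.
connection_host = ip
# Assumed index name; create it first or omit this line to use the default index.
index = firewall

[tcp://514]
sourcetype = syslog
connection_host = ip
index = firewall

# Option 2: file/directory monitor - log files copied to the Splunk system.
# Assumed layout: /var/log/juniper/<firewall-hostname>/*.log
[monitor:///var/log/juniper]
sourcetype = syslog
# Segment 4 of the path (/var/log/juniper/<hostname>/...) becomes the host field.
host_segment = 4
# Only pick up .log files, so rotated archives are not re-indexed.
whitelist = \.log$
index = firewall
```

After restarting Splunk (or reloading inputs), confirm data arrives with a search such as `index=firewall sourcetype=syslog | stats count by host`; a firewall missing from that list is not forwarding, which is also the basis for a simple "log source went silent" alert.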