Best way to get JunOS logs into Splunk

craigallen · ‎04-29-2010

Hi,

I am new to Splunk and I am trying to workout the best way to get logs from JunOS based firewalls into Splunk. I am currently using Syslogh, but this isn't getting all the information I am after. Could someone advise the most reliable way of collecting the informaiton?

I am trying to get the logs from Juniper SRX firewalls.

I would also like to know how I could achieve change monitoring as well?

Many thanks

jeandez · ‎03-13-2014

i am using juniper ISG 2000, i am looking for splunk app, which can monitor my juniper logs. I tried severals apps for juniper, but i got nothing.
My juniper runs on junos.

Could you give me the requisite app, and the documentation ??

thank you

Simeon · ‎04-29-2010

I believe most of the Juniper firewalls are capable of sending syslog type output and they also write to log files. I know of multiple use cases where Juniper data is sent via a network input to Splunk. I see two options:

Leverage the log forwarding capability of the firewall and send it to Splunk via a network input (typically port 514 UDP or TCP, and make sure you specify syslog sourcetype)
If you can send the file to a directory on the Splunk system, you could use a basic file or directory monitoring input. You would also want to specify the syslog sourcetype in this configuration.

For more information on creating inputs:

http://www.splunk.com/base/Documentation/latest/Admin/WhatSplunkcanmonitor

Best way to get JunOS logs into Splunk

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!