
Juniper SSG Firewall Log Analysis app doesn't work

arabgol
New Member

Hello,
How can I add this app to Splunk? When I add it to Splunk and copy the extracted folder "Juniper SSG Firewall Log Analysis" to $splunk/etc/app, nothing shows up in the dashboard.
Please help me.

0 Karma

adigrio
Path Finder

As jkat54 mentioned, the Splunk Add-on for Juniper is required in order to create the Splunk parsers for Juniper logs. In addition to that, make sure that you run the setup for the Firegen for Juniper app (it should launch automatically when you use it first time). During the setup you have to specify or confirm the index used to collect the Juniper logs. For example, if you collect your logs through an index called "ssg", the setup page should look like this:

[screenshot: Firegen for Juniper setup page with the index set to "ssg"]

This setting configures the ssg_index macro used by the analyzer app. If the app still doesn't show any stats after you configure the index, make sure that indeed you do have log entries for the time interval that you are trying to analyze. Open a regular search box and just enter the index and the time interval. The search should return the Juniper entries. Confirm that the entries contain fields such as src, dst, action, service, dst_port, sent and rcvd:

[screenshot: search results showing the extracted fields src, dst, action, service, dst_port, sent and rcvd]

If the fields are not present then it's possible that the Splunk Add-on for Juniper is not installed properly or the log entries are not in the format expected by the add-on. Post a screenshot with the extracted fields if that's the case so we can take a look.

0 Karma
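As an added example (not part of the original answer, and not code from the Firegen app or the Splunk Add-on for Juniper), here is a small Python helper that builds the verification search adigrio describes and checks exported search results for the listed fields. It assumes the index name "ssg" and the field names given in the answer; the sample events are constructed, not real Juniper output.

```python
"""Check that a Splunk index holds Juniper SSG events carrying the fields
the Firegen app expects. Added example; assumptions: index name "ssg" and
the field list from the answer above, plus constructed sample events."""

from collections import Counter

# Fields the answer says the Splunk Add-on for Juniper should extract.
REQUIRED_FIELDS = ("src", "dst", "action", "service", "dst_port", "sent", "rcvd")


def build_check_search(index="ssg", earliest="-24h"):
    """Return an SPL search that counts, per required field, how many events
    in the index carry it. stats count(<field>) counts only non-null values,
    so a column far below `events` points at an extraction problem."""
    counts = ", ".join(f"count({f}) AS {f}" for f in REQUIRED_FIELDS)
    return (f'index="{index}" earliest={earliest} '
            f"| stats count AS events, {counts}")


def field_coverage(events):
    """Given events as dicts (for example a JSON export of search results),
    return {field: fraction of events carrying that field} for every required
    field. An empty or missing value counts as absent."""
    if not events:
        return {f: 0.0 for f in REQUIRED_FIELDS}
    present = Counter()
    for ev in events:
        for f in REQUIRED_FIELDS:
            if ev.get(f) not in (None, ""):
                present[f] += 1
    return {f: present[f] / len(events) for f in REQUIRED_FIELDS}


def missing_fields(events, threshold=0.9):
    """Names of required fields present in fewer than `threshold` of the
    events, i.e. the ones worth showing when asking for help."""
    cov = field_coverage(events)
    return [f for f in REQUIRED_FIELDS if cov[f] < threshold]


# Constructed sample of what an export might look like. The first two events
# were fully parsed; the third was only partially extracted (assumed: a log
# line variant the add-on's extractions do not match), so dst_port, sent and
# rcvd are missing there.
SAMPLE_EVENTS = [
    {"_time": "2016-03-01T10:00:00", "src": "10.1.1.5", "dst": "8.8.8.8",
     "action": "permit", "service": "dns", "dst_port": "53",
     "sent": "64", "rcvd": "128"},
    {"_time": "2016-03-01T10:00:01", "src": "10.1.1.6", "dst": "93.184.216.34",
     "action": "deny", "service": "https", "dst_port": "443",
     "sent": "0", "rcvd": "0"},
    {"_time": "2016-03-01T10:00:02", "src": "10.1.1.7", "dst": "10.2.2.2",
     "action": "permit", "service": "icmp"},
]

if __name__ == "__main__":
    print("Search to run in Splunk:")
    print(build_check_search())
    for field, frac in field_coverage(SAMPLE_EVENTS).items():
        print(f"{field:9s} {frac:.0%}")
    print("fields below threshold:", missing_fields(SAMPLE_EVENTS))
```

Run the printed search in a normal search box over the same time range the dashboard uses; if `events` is zero the index or time range is wrong, and if a field column is far below `events` the add-on's extractions are not matching your log format.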

jkat54
SplunkTrust

The app requires the Splunk Add-On for Juniper (https://splunkbase.splunk.com/app/2847) in order to create the required sourcetypes.

Do you have the add on installed too?

0 Karma