cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jamesmac
Level 10
Report Inappropriate Content
Message 1 of 2

JunOS firewall data

All,

I have a customer with Juniper firewalls feeding data to a v10.3.4 . Until now we've had the standard set-up:

Data Source VendorJuniper Networks
Data Source ModelJUNOS – Structured-Data Format (ASP)
Data FormatDefault
Data RetrievalSYSLOG (Default)

 

However, the customer is under the impression that this is not sending all the available logs to the SIEM. He says that there is an option for "stream" data, which would pick up more. I think that what he's describing is documented here, at https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-system-stream-s....

 

The existing data source will not work with this (he tried, we had to tell him to revert the change). Is there any plan to support this? And if not, how would I raise a request to get it onto the planned improvements list?

 

Many thanks

 

James 

1 Reply
pbpillai
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: JunOS firewall data

Hi James,

In the Junos CLI commands for set security log stream command, do they have an option for entering structured-data?

The following is a normal syslog command on Junos:

set system syslog host 10.10.10.1 structured-data

I would like to know whether we have an option to enter 'structured-data' after the host field or the filename as below.

set security log stream S1 host 192.0.2.2 structured-data

set security log stream S2 file name file1 structured-data

If yes, you can try the above command & check if it is working.

If not, customer will have to be submit a PER as per KB60021.

Also, please note the structured data syslog format should be as in the below link:

https://apps.juniper.net/syslog-explorer/#msg=RT_FLOW_SESSION_CREATE&sw=Junos%20OS&rel=19.3R1

Regards,

Prashanth B Pillai

McAfee Technical Support

Customer Success Group

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community