topic SC4S, Properly Indexing Juniper Netscreen in Splunk Enterprise https://community.splunk.com/t5/Splunk-Enterprise/SC4S-Properly-Indexing-Juniper-Netscreen/m-p/548842#M5643 <P>I recently installed SC4S. For most logs it works as expected; however, it is improperly indexing Juniper Netscreen as osnix with sourctype: nix:syslog. I've tried adding a filter to identify specific IPs as netscreen but it did not work. Any assistance is appreciated</P><P><BR /><STRONG>Example Raw Log:<BR /></STRONG>&lt;133&gt;Apr 19 20:06:42 172.#.#.2/172.#.#.2 SC-NS1-SSG140: NetScreen device_id=SC-NS1-SSG140 [Root]system-notification-00257(traffic): start_time="2021-04-21 17:13:42" duration=0 policy_id=320001 service=tcp/port:8013 proto=6 src zone=Null dst zone=self action=Deny sent=0 rcvd=52 src=10.#.#.133 dst=10.#.#.1 src_port=53563 dst_port=8013 session_id=0 reason=Traffic Denied</P><P><BR /><STRONG>Splunk Results</STRONG><BR />SC-NS1-SSG140: NetScreen device_id=SC-NS1-SSG140 [Root]system-notification-00257(traffic): start_time="2021-04-21 17:13:42" duration=0 policy_id=320001 service=tcp/port:8013 proto=6 src zone=Null dst zone=self action=Deny sent=0 rcvd=52 src=10.#.#.1 dst=10.#.#.133 src_port=53563 dst_port=8013 session_id=0 reason=Traffic Denied</P><P>host = 172.#.#.2/172..#.#.2<BR />index = osnix<BR />sc4s_fromhostip = 172.#.#.150<BR />sc4s_syslog_facility = user<BR />sc4s_syslog_format = rfc3164<BR />sc4s_vendor_product = nix_syslog<BR />source = program:SC-NS1-SSG140<BR />sourcetype = nix:syslog</P> Wed, 21 Apr 2021 17:33:40 GMT jorob 2021-04-21T17:33:40Z SC4S, Properly Indexing Juniper Netscreen https://community.splunk.com/t5/Splunk-Enterprise/SC4S-Properly-Indexing-Juniper-Netscreen/m-p/548842#M5643 <P>I recently installed SC4S. For most logs it works as expected; however, it is improperly indexing Juniper Netscreen as osnix with sourctype: nix:syslog. I've tried adding a filter to identify specific IPs as netscreen but it did not work. Any assistance is appreciated</P><P><BR /><STRONG>Example Raw Log:<BR /></STRONG>&lt;133&gt;Apr 19 20:06:42 172.#.#.2/172.#.#.2 SC-NS1-SSG140: NetScreen device_id=SC-NS1-SSG140 [Root]system-notification-00257(traffic): start_time="2021-04-21 17:13:42" duration=0 policy_id=320001 service=tcp/port:8013 proto=6 src zone=Null dst zone=self action=Deny sent=0 rcvd=52 src=10.#.#.133 dst=10.#.#.1 src_port=53563 dst_port=8013 session_id=0 reason=Traffic Denied</P><P><BR /><STRONG>Splunk Results</STRONG><BR />SC-NS1-SSG140: NetScreen device_id=SC-NS1-SSG140 [Root]system-notification-00257(traffic): start_time="2021-04-21 17:13:42" duration=0 policy_id=320001 service=tcp/port:8013 proto=6 src zone=Null dst zone=self action=Deny sent=0 rcvd=52 src=10.#.#.1 dst=10.#.#.133 src_port=53563 dst_port=8013 session_id=0 reason=Traffic Denied</P><P>host = 172.#.#.2/172..#.#.2<BR />index = osnix<BR />sc4s_fromhostip = 172.#.#.150<BR />sc4s_syslog_facility = user<BR />sc4s_syslog_format = rfc3164<BR />sc4s_vendor_product = nix_syslog<BR />source = program:SC-NS1-SSG140<BR />sourcetype = nix:syslog</P> Wed, 21 Apr 2021 17:33:40 GMT https://community.splunk.com/t5/Splunk-Enterprise/SC4S-Properly-Indexing-Juniper-Netscreen/m-p/548842#M5643 jorob 2021-04-21T17:33:40Z