All Apps and Add-ons

dont work Juniper SSG Firewall Log Analysis app

arabgol
New Member

hello ,
how i can add this app to splunk , when i add to splunk and copy extract file" Juniper SSG Firewall Log Analysis" to $splunk/etc/app , dont show to me any things in dashboard,
please help me

0 Karma

adigrio
Path Finder

As jkat54 mentioned, the Splunk Add-on for Juniper is required in order to create the Splunk parsers for Juniper logs. In addition to that, make sure that you run the setup for the Firegen for Juniper app (it should launch automatically when you use it first time). During the setup you have to specify or confirm the index used to collect the Juniper logs. For example, if you collect your logs through an index called "ssg", the setup page should look like this:

alt text

This setting configures the ssg_index macro used by the analyzer app. If the app still doesn't show any stats after you configure the index, make sure that indeed you do have log entries for the time interval that you are trying to analyze. Open a regular search box and just enter the index and the time interval. The search should return the Juniper entries. Confirm that the entries contain fields such as src, dst, action, service, dst_port, sent and rcvd:

alt text

If the fields are not present then it's possible that the Splunk Add-on for Juniper is not installed properly or the log entries are not in the format expected by the add-on. Post a screenshot with the extracted fields if that's the case so we can take a look.

0 Karma

jkat54
SplunkTrust
SplunkTrust

The app requires the Splunk Add-On for Juniper (https://splunkbase.splunk.com/app/2847) in order to create the required sourcetypes.

Do you have the add on installed too?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...