Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk App for Juniper Firewalls

wagnerbianchi
Splunk Employee
Splunk Employee
‎08-21-2013 08:52 AM

Hi Folks,

Implementing this morning the Splunk App for Juniper Firewalls, I managed that to work simply configuring on Juniper web interface the destination IP, traffic log and configuring Splunk to collect all the logs at the 514 port. OK, it was very easy to do and now I am very happy with that. However, when I accessed the top menu "Remote Access >> VPN Summary", "my surprise part 1", the page was not showing anything. So, open the the "vpn_summary" view with Splunk's XML editor, "my surprise part two", the code don't have any dashboard definition.

Anyone here has had this experience? Any hint on that? Anyone has developed a VPN dashboard from the scratch using the juniper firewall data? I am looking forward to hearing from you guys, thanks a lot!

Tags (4)
Reply

alejandrous
New Member
‎01-15-2014 10:44 AM

Hello, I am unable to display the info on the app. I already configured the port 514 and source type as srx_log and set the edit security log info as this:

root# show
mode stream;
format sd-syslog;
source-address 192.168.1.1;
stream splunk {
format sd-syslog;
host {
192.168.1.2;
port 514;
}
}

if I change the source type from srx_log to syslog, results appear under the normal search

any help will be appreciated

0 Karma
Reply

rturk
Builder
‎08-23-2013 05:08 AM

Hi Wagner,

I've just had a look at the "Splunk for Juniper Firewalls" App and you're right, there's no content for the VPN Summary dashboard. My suggestion would be to contact the developer listed on the app download page to get more info.

If you find the rest of the app useful, but don't want to see the 'Remote Access > VPN Summary' menu, you can always remove it from the menu bar by going to:

Manager > User Interface > Navigation Menus > default

And remove the following from the XML:

<collection label="Remote Access">
    <view name="vpn_summary"/>
</collection>

On the other hand, you can get brave and make your own dashboard 🙂

I hope this has been of some help!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...