Hi Folks,
Implementing this morning the Splunk App for Juniper Firewalls, I managed that to work simply configuring on Juniper web interface the destination IP, traffic log and configuring Splunk to collect all the logs at the 514 port. OK, it was very easy to do and now I am very happy with that. However, when I accessed the top menu "Remote Access >> VPN Summary", "my surprise part 1", the page was not showing anything. So, open the the "vpn_summary" view with Splunk's XML editor, "my surprise part two", the code don't have any dashboard definition.
Anyone here has had this experience? Any hint on that? Anyone has developed a VPN dashboard from the scratch using the juniper firewall data? I am looking forward to hearing from you guys, thanks a lot!
Hello, I am unable to display the info on the app. I already configured the port 514 and source type as srx_log and set the edit security log info as this:
root# show
mode stream;
format sd-syslog;
source-address 192.168.1.1;
stream splunk {
format sd-syslog;
host {
192.168.1.2;
port 514;
}
}
if I change the source type from srx_log to syslog, results appear under the normal search
any help will be appreciated
Hi Wagner,
I've just had a look at the "Splunk for Juniper Firewalls" App and you're right, there's no content for the VPN Summary dashboard. My suggestion would be to contact the developer listed on the app download page to get more info.
If you find the rest of the app useful, but don't want to see the 'Remote Access > VPN Summary' menu, you can always remove it from the menu bar by going to:
Manager > User Interface > Navigation Menus > default
And remove the following from the XML:
<collection label="Remote Access">
<view name="vpn_summary"/>
</collection>
On the other hand, you can get brave and make your own dashboard 🙂
I hope this has been of some help!