Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Best way to get JunOS logs into Splunk

craigallen
Engager
‎04-29-2010 04:07 PM

Hi,

I am new to Splunk and I am trying to workout the best way to get logs from JunOS based firewalls into Splunk. I am currently using Syslogh, but this isn't getting all the information I am after. Could someone advise the most reliable way of collecting the informaiton?

I am trying to get the logs from Juniper SRX firewalls.

I would also like to know how I could achieve change monitoring as well?

Many thanks

Tags (1)
Reply

jeandez
Explorer
‎03-13-2014 02:36 AM

i am using juniper ISG 2000, i am looking for splunk app, which can monitor my juniper logs. I tried severals apps for juniper, but i got nothing.
My juniper runs on junos.

Could you give me the requisite app, and the documentation ??

thank you

0 Karma
Reply

Simeon
Splunk Employee
Splunk Employee
‎04-29-2010 04:40 PM

I believe most of the Juniper firewalls are capable of sending syslog type output and they also write to log files. I know of multiple use cases where Juniper data is sent via a network input to Splunk. I see two options:

  1. Leverage the log forwarding capability of the firewall and send it to Splunk via a network input (typically port 514 UDP or TCP, and make sure you specify syslog sourcetype)

  2. If you can send the file to a directory on the Splunk system, you could use a basic file or directory monitoring input. You would also want to specify the syslog sourcetype in this configuration.

For more information on creating inputs:

http://www.splunk.com/base/Documentation/latest/Admin/WhatSplunkcanmonitor

Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...