Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Best way to get JunOS logs into Splunk

craigallen
Engager
‎04-29-2010 04:07 PM

Hi,

I am new to Splunk and I am trying to workout the best way to get logs from JunOS based firewalls into Splunk. I am currently using Syslogh, but this isn't getting all the information I am after. Could someone advise the most reliable way of collecting the informaiton?

I am trying to get the logs from Juniper SRX firewalls.

I would also like to know how I could achieve change monitoring as well?

Many thanks

Tags (1)
Reply

jeandez
Explorer
‎03-13-2014 02:36 AM

i am using juniper ISG 2000, i am looking for splunk app, which can monitor my juniper logs. I tried severals apps for juniper, but i got nothing.
My juniper runs on junos.

Could you give me the requisite app, and the documentation ??

thank you

0 Karma
Reply

Simeon
Splunk Employee
Splunk Employee
‎04-29-2010 04:40 PM

I believe most of the Juniper firewalls are capable of sending syslog type output and they also write to log files. I know of multiple use cases where Juniper data is sent via a network input to Splunk. I see two options:

  1. Leverage the log forwarding capability of the firewall and send it to Splunk via a network input (typically port 514 UDP or TCP, and make sure you specify syslog sourcetype)

  2. If you can send the file to a directory on the Splunk system, you could use a basic file or directory monitoring input. You would also want to specify the syslog sourcetype in this configuration.

For more information on creating inputs:

http://www.splunk.com/base/Documentation/latest/Admin/WhatSplunkcanmonitor

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...