About aya

aya · ‎10-05-2020

Further researching, it's the different between JUNOS standard-format (unstructured) system log and structured system log (RFC 5424). By adding a syslog system and write the events to a file (probably add the receiving timestamps) like Rich suggested definitely would avoid such kind of issue. Thanks again for the quick response the awesome troubleshooting steps!

aya · ‎10-04-2020

problem resolved by adding: set system syslog host <splunk server IP> structured-data brief. Appreciated the help!

aya · ‎10-04-2020

Many thanks! index=* TERM(10.10.10.10) with host ip works, also need to expand the search time range (I use all in this case), found the syslog same date/time but different year though (in my case it's in 2017 or 2016 for two devices, same firmware/model ), going to dig in why it's been parsed like that.

aya · ‎10-02-2020

I have a problem to find some juniper devices syslog on the splunk, I did packet capture on the server and could confirm the syslog packet reached the server. it's a windows server 2012 R2, port is UDP 514. There are so many other devices syslog could be found, some of them are the same model and firmware and syslog configurations are identical. splunk version is 6.3.1. How can I troubleshoot?

Posts	4
Solutions	0
Karma Given	1
Karma Received	0
Member Since	‎10-02-2020

Online Status	Offline
Date Last Visited	‎10-05-2020 12:55 PM

How to troubleshoot juniper syslog could not find ...

Re: How to troubleshoot juniper syslog could not f...

Re: How to troubleshoot juniper syslog could not f...

Re: How to troubleshoot juniper syslog could not f...

How to troubleshoot juniper syslog could not find ...