Hi all, asking for a friend. I have a Juniper SRX380 for my firewall, and I am trying to bring data into Splunk on-prem. On the Juniper side, I configured it to send to Splunk using the CLI with these commands (below), then committed the configuration:

    set security log mode stream
    set security log source-address <SRXip>
    set security log stream Splunk format sd-syslog
    set security log stream Splunk host <splunkhostIP>
    set system syslog host <splunkhostIP> port 1514

On the Splunk side, I configured a UDP listener on port 1514, gave it the optional "Select from connection", and plopped the SRXip there. I set the source type to "juniper" from the Juniper-TA. I used Wireshark to do a pcap analysis and noticed that the SRX wasn't communicating with Splunk. I have a hunch that it's a Juniper issue, but I'm not a Juniper expert. The problem is that still no data is coming in. Is there something wrong that I did on either the Juniper side or the Splunk side? Also, I made sure UDP port 1514 was opened. Any troubleshooting tips would be appreciated.
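One way to split the question into "is anything reaching the Splunk host on UDP 1514?" and "does what arrives parse as sd-syslog?" is a small stand-alone listener that binds the same port (with the Splunk input stopped), records the source IP of every datagram, and parses each line as an RFC 5424 message with structured data, which is what the SRX `sd-syslog` format emits. The same script can send a constructed message to the listener from another box, which tells you whether the network path and port are open independently of the SRX. This is an added example, not code from the original post, Juniper, or Splunk; the sample message, the `junos@2636.1.1.1.2.36` SD-ID and the addresses in it are constructed for illustration.

```python
"""Tiny sd-syslog (RFC 5424) UDP listener and test sender for checking a Splunk syslog path.

Usage (assumed, not from the post):
    python sdsyslog_check.py listen 1514            # bind UDP 1514 and print who sends what
    python sdsyslog_check.py send <splunkhostIP> 1514   # send the constructed sample message
Stop the Splunk UDP input first; only one process can own the port.
"""
import re
import socket
import sys

# Constructed sample in the shape of an SRX RT_FLOW event in sd-syslog format (not a real capture).
SAMPLE = ('<14>1 2024-01-01T12:00:00.000Z srx380 RT_FLOW - RT_FLOW_SESSION_CLOSE '
          '[junos@2636.1.1.1.2.36 reason="TCP FIN" source-address="10.0.0.5" '
          'destination-address="192.0.2.10" protocol-id="6"] session closed')

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD and MSG.
_HEADER = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ver>\d+)\s+(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<app>\S+)\s+'
    r'(?P<procid>\S+)\s+(?P<msgid>\S+)(?:\s+(?P<rest>.*))?$', re.DOTALL)
# One SD-ELEMENT: [SD-ID key="value" key="value" ...]; values may contain \" \] and \\ escapes.
_SD_ELEMENT = re.compile(r'\[(?P<id>[^\s\]]+)(?P<params>(?:\s+[^\s=\]]+="(?:[^"\\]|\\.)*")*)\]')
_PARAM = re.compile(r'(?P<name>[^\s=\]]+)="(?P<value>(?:[^"\\]|\\.)*)"')


def _unescape(value):
    """Undo the three RFC 5424 PARAM-VALUE escapes."""
    return re.sub(r'\\(["\]\\])', r'\1', value)


def parse_sd_syslog(line):
    """Parse one RFC 5424 line into a dict, or return None if the header does not match."""
    m = _HEADER.match(line.rstrip('\r\n'))
    if not m:
        return None
    pri = int(m.group('pri'))
    rec = {
        'facility': pri >> 3,        # PRI = facility * 8 + severity
        'severity': pri & 7,
        'timestamp': m.group('ts'),
        'host': m.group('host'),
        'app': m.group('app'),
        'procid': m.group('procid'),
        'msgid': m.group('msgid'),
        'sd': {},
        'msg': '',
    }
    rest = m.group('rest') or ''
    # NILVALUE '-' means "no structured data"; otherwise one or more [..] elements follow.
    if rest == '-' or rest.startswith('- '):
        rest = rest[1:]
    pos = 0
    while pos < len(rest) and rest[pos] == '[':
        em = _SD_ELEMENT.match(rest, pos)
        if not em:
            break
        params = {n: _unescape(v) for n, v in _PARAM.findall(em.group('params'))}
        rec['sd'][em.group('id')] = params
        pos = em.end()
    rec['msg'] = rest[pos:].strip()
    return rec


def listen(port, max_packets=None):
    """Bind UDP <port>, print the sender and parsed record of each datagram; returns records."""
    seen = []
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(('0.0.0.0', port))
    try:
        while max_packets is None or len(seen) < max_packets:
            data, (src, _) = sock.recvfrom(65535)
            rec = parse_sd_syslog(data.decode('utf-8', 'replace'))
            seen.append((src, rec))
            print(f'from {src}: ' + ('NOT sd-syslog: %r' % data[:80] if rec is None
                                      else f"{rec['host']} {rec['msgid']} sd={rec['sd']}"))
    finally:
        sock.close()
    return seen


def send(host, port, line=SAMPLE):
    """Send one syslog line over UDP; returns the number of bytes sent."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        return sock.sendto(line.encode('utf-8'), (host, port))
    finally:
        sock.close()


if __name__ == '__main__':
    if len(sys.argv) >= 3 and sys.argv[1] == 'listen':
        listen(int(sys.argv[2]))
    elif len(sys.argv) >= 4 and sys.argv[1] == 'send':
        print('sent', send(sys.argv[2], int(sys.argv[3])), 'bytes')
    else:
        print(parse_sd_syslog(SAMPLE))
```

If the listener never prints a line from the SRX address while the pcap also shows nothing, the problem is on the sending side or on the path in between, not in the Splunk input; if the listener sees datagrams but reports `NOT sd-syslog`, the format reaching Splunk is not what the `juniper` sourcetype expects.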