Juniper SRX Series Services Gateway
SRX Series products are service gateways with high-performance security and advanced, integrated threat intelligence, delivered on the industry’s most scalable and resilient platform. SRX Series gateways set new benchmarks with 100GbE interfaces and feature Express Path technology, which enables up to 1 Tbps performance for the data center.
To collect logs from an SRX Series device, follow the steps below. First configure the device, then prepare Logmanager to receive the messages.
- Log in to the Juniper SRX device via SSH.
- Enter configuration mode:
configure
- Enable logging of all messages to Logmanager:
# command structure:
# set system syslog host <Logmanager_IP_address> <section> <log_level>
set system syslog host <Logmanager_IP_address> any any
Logmanager_IP_address is the IP address of your Logmanager server. You can also select only a specific section:
Available section values:
| section | description |
| --- | --- |
| any | log all sections |
| change-log | log only changelog |
| daemon | log only daemon section |
| security | log only security section |
| conflict-log | log only conflict log |

- Set the port for the Logmanager server:
set system syslog host <Logmanager_IP_address> port 514
Logmanager_IP_address is the IP address of your Logmanager server.
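One way to confirm that a device matches the steps above, as an added example (not Logmanager or Juniper code): it audits set-format configuration, such as the output of `show configuration | display set`, for the syslog host lines this page configures. The function name `audit_syslog`, the address 192.0.2.10 and both configuration excerpts are constructed for illustration.

```python
import re

# Section values listed on this page; the page's command forwards "any any".
PAGE_SECTIONS = {"any", "change-log", "daemon", "security", "conflict-log"}
HOST_RE = re.compile(r"^set system syslog host (\S+) (\S+) (\S+)$")

# Constructed set-format excerpts (192.0.2.10 stands in for Logmanager).
DRIFTED = """\
set system host-name srx-lab
set system syslog host 192.0.2.10 security info
set system syslog host 192.0.2.10 port 1514
set system syslog host 192.0.2.99 any any
set system syslog file messages any notice
"""
AS_DOCUMENTED = """\
set system syslog host 192.0.2.10 any any
set system syslog host 192.0.2.10 port 514
"""

def audit_syslog(config_text, logmanager_ip, expected_port=514):
    """Return findings where the config differs from the steps on this page."""
    sections, port = {}, None
    for line in config_text.splitlines():
        m = HOST_RE.match(line.strip())
        # Ignore other syslog hosts, local log files and unrelated statements.
        if not m or m.group(1) != logmanager_ip:
            continue
        key, value = m.group(2), m.group(3)
        if key == "port" and value.isdigit():
            port = int(value)
        elif key in PAGE_SECTIONS:
            sections[key] = value  # section -> log level
    findings = []
    if not sections:
        findings.append("no section forwarded to " + logmanager_ip)
    elif sections.get("any") != "any":
        shown = ", ".join(f"{k} {v}" for k, v in sorted(sections.items()))
        findings.append(f"forwards '{shown}' instead of 'any any'")
    if port is None:
        findings.append("port not set explicitly")
    elif port != expected_port:
        findings.append(f"port is {port}, expected {expected_port}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("drifted", DRIFTED), ("as documented", AS_DOCUMENTED)):
        print(name, audit_syslog(cfg, "192.0.2.10") or "OK")
```

An empty result means the excerpt forwards all sections to the given address on the expected port, which is what the commands on this page configure.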
To successfully receive and process logs, you need to set up the log classification correctly. The easiest way to do this is to add the IP addresses of the device (or your chosen subnet) to the appropriate IP prefix list.
Some devices in Logmanager do not have their own IP prefix list, and you need to create one or use a classifier (see Classifiers). However, an IP prefix list exists for this device, so follow the procedure below.
- Log in to the Logmanager web administration.
Add the IP address of the Juniper SRX device to the IP prefix list “Juniper-SRX”.
Go to Parser/IP prefix lists:
- Locate the IP prefix list Juniper-SRX.
- Edit it with the blue pen icon.
- Add the IP addresses of your Juniper SRX devices. (Alternatively, you can use your chosen subnet.)
IP prefix lists are used in the vendor-Default-classification template (see Classifier templates). This is standard for most Logmanager installations. If you are using your own classifiers or are unsure about something, please contact your certified partner or help@logmanager.com.