Logmanager documentation
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Logmanager documentation
  2. /
  3. Log source devices configuration
  4. /
  5. Juniper SRX Series Services Gateway

Juniper SRX Series Services Gateway

Products of SRX Series are service gateways with high-performance security and advanced integrated threat intelligence, delivered on the industry’s most scalable and resilient platform. SRX Series gateways set new benchmarks with 100GbE interfaces and feature Express Path technology, which enables up to 1 Tbps performance for data centers.

Configuration

To collect logs from SRX series device, please follow the next few steps. First, configure the device, then prepare Logmanager to receive messages.

Logging configuration SRX device

  1. Log in to Juniper SRX device via SSH.

  2. Now enter to the configuration mode:

    configure

  3. Enable logging of all messages to Logmanager:

    # command structure:
# command syslog host <Logmanager_IP_address> <section> <log_level>
set system syslog host <Logmanager_IP_address> any any
    Logmanager_IP_address is the IP address of your Logmanager server.

    You can only select concrete sections:

    Available section values:

    section description
    any log all section
    change-log log only changelog
    daemon log only daemon section
    security log only security section
    conflict-log log only conflict log

  4. Set the port for the Logmanager server:

    set system syslog host <Logmanager_IP_address> port 514

Logmanager configuration

To successfully receive and process logs, you need to set up the log classification correctly. The easiest way to do this is to add the IP addresses of the device (or your chosen subnet) to the appropriate IP prefix list.

Some devices in Logmanager do not have their own IP Prefix list and you need to create one or use a classifier - Classifiers. However, an IP prefix list exists for this device, so follow the procedure below.

  1. Log in to the web administration Logmanager.

  2. Add the IP address of the Juniper SRX device to the IP prefix list “Juniper-SRX”.

  3. Go to Parser/IP prefix lists:

    • Locate the IP prefix list Juniper-SRX.
    • Edit using the blue pen icon.
    • Add the IP addresses of your Juniper SRX devices. (Alternatively, you can use your chosen subnet)
    IP prefix lists are used in the vendor-Default-classification template - more in Classifier templates.
    This is standard for most Logmanager installations. If you are using your own classifiers or are unsure about something, please contact your certified partner or help@logmanager.com.
gdoc_arrow_left_alt JiveX Kaspersky Security Center gdoc_arrow_right_alt