Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Overview

In this document we are guiding with the steps to ingest Juniper Firewall SRX series with Seceon SIEM to have a Comprehensive visibility and Proactive Threat Detection in your Environment.

Configuring to send Syslog Messages

...

Using J-Web

  1. Log in to the Juniper SRX device.

  2. Click Configure > CLI Tools > Point and Click CLI in the Juniper SRX device.

  3. Expand System and click Syslog.

  4. In the Syslog page, click Add New Entry placed next to 'Host'.

  5. Enter the IP address of the remote Syslog server (CCE server IP) (i.e., Firewall Analyzer).

  6. Click Apply to save the configuration.

...

Using CLI

  1. Log in to the Juniper SRX device CLI console.

  2. Execute the following command:

user@host#  set system syslog host <IP address of the remote Syslog server (i.e., Firewall Analyzer)> any any

To enable logging for Security policy:

Using J-Web

  • Select Configure > Security > Policy > FW Policies.

  • Click on the policy for which you would like to enable logging.

  • Navigate to Logging/Count and in Log Options, select Log at Session Close Time.

...

Using CLI

  1. Log in to the Juniper SRX device CLI console.

  2. Execute the following command:

user@host# set security policies from-zone trust to-zone untrust policy permit-all then log session-close

Juniper Networks IDP Device (version IDP 50)

Configuring to send Syslog Messages directly from Sensor

...

  • Profiler logs

  • Device connect/disconnect logs

  • Interface UP/DOWN logs

  • Logs for Bypass State Changes 

Configuring to send Syslog Messages from

...

NSM 

  1. Log in to NSM.

  2. Click Action Manager > Action Parameters > Define a Syslog Server in the NSM.

  3. Click Action Manager > Device Log Action Criteria > Category in the NSM.

  4. Select Category = all and Actions = syslog enable

  5. Click Apply to save the changes.

...

  • Interface UP/DOWN logs

  • Logs for Bypass State Changes

...

 Verification

STEP1: Login to UI >> SYSTEM>> LOGS AND FLOWS COLLECTION STATUS .

...

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS .

...

STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.

...