Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Configuring to send Syslog Messages from SRX device

Using J-Web

  1. Log in to the Juniper SRX device.

  2. Click Configure > CLI Tools > Point and Click CLI in the Juniper SRX device.

  3. Expand System and click Syslog.

  4. In the Syslog page, click Add New Entry placed next to 'Host'.

  5. Enter the IP address of the remote Syslog server (i.e., Firewall Analyzer).

  6. Click Apply to save the configuration.

Using CLI

  1. Log in to the Juniper SRX device CLI console.

  2. Execute the following command:

user@host#  set system syslog host <IP address of the remote Syslog server (i.e., Firewall Analyzer)> any any

To enable logging for Security policy:

Using J-Web

  • Select Configure > Security > Policy > FW Policies.

  • Click on the policy for which you would like to enable logging.

  • Navigate to Logging/Count and in Log Options, select Log at Session Close Time.

Using CLI

  1. Log in to the Juniper SRX device CLI console.

  2. Execute the following command:

user@host# set security policies from-zone trust to-zone untrust policy permit-all then log session-close

Juniper Networks IDP Device (version IDP 50)

Configuring to send Syslog Messages directly from Sensor

  1. Log in to the Juniper Networks IDP device.

  2. Click Device > Report Settings > Enable Syslog in the Juniper Networks IDP device.

  3. Select the Enable Syslog Messages check box.

  4. Click Apply to save the changes.

This configuration will generate syslogs for:

  • All attacks

  • Policy load

  • Restart

This configuration will not provide:

  • Profiler logs

  • Device connect/disconnect logs

  • Interface UP/DOWN logs

  • Logs for Bypass State Changes 

Configuring to send Syslog Messages from NSM 

  1. Log in to NSM.

  2. Click Action Manager > Action Parameters > Define a Syslog Server in the NSM.

  3. Click Action Manager > Device Log Action Criteria > Category in the NSM.

  4. Select Category = all and Actions = syslog enable

  5. Click Apply to save the changes.

This configuration will generate syslogs for:

  • All attacks

  • Policy load

  • Restart

  • Profiler logs

  • Device connect/disconnect logs

This configuration will not provide:

  • Interface UP/DOWN logs

  • Logs for Bypass State Changes

 

  • No labels

Seceon Inc. All rights reserved. https://www.seceon.com