
Configure NetFlow in Juniper Switches

Overview

This article describes how to integrate NetFlow on Juniper switches with Seceon SIEM so that you have comprehensive visibility and proactive threat detection in your environment. Logs are transferred from your device to the APE (Analytics and Policy Engine) via the CCE (Collection and Control Engine). The steps below cover log forwarding.

Pre-Requisite

  1. Telnet or SSH into the switch.

  2. Enter privileged mode by typing enable and entering your enable password.

  3. The date, time, and time zone are correctly set on the switch.

  4. You have Telnet or SSH credentials and access to the switch.

  5. You know the IP address of your collector.

  6. Allow UDP port 6343 through the firewall.

Steps of Configuration

Run the following commands. Replace <CollectorIP> with the IP address of your collector, <Port> with 6343, and <interface> with the interface to sample. Replace <sampleRate> with the desired egress sample rate: 128, 256, 512, or 1024.

    # Enter these from the top level of configuration mode ([edit]).
    set protocols sflow collector <CollectorIP> udp-port <Port>
    set protocols sflow interfaces <interface>
    set protocols sflow polling-interval 60
    set protocols sflow sample-rate egress <sampleRate>

    # Example:
    # set protocols sflow collector <CCE IP> udp-port 6343
    # set protocols sflow interfaces ge-0/0/0
    # set protocols sflow polling-interval 60
    # set protocols sflow sample-rate egress 1

Confirm Settings

Run the following commands to confirm the configuration:

    show sflow collector
    show sflow interface

Verification of configuration

Verification of configuration can be done in two ways:

  • From the Collector-Syslog Server (CCE): This can involve logging into the CCE and checking the configuration settings, testing connectivity and functionality of the various components, and comparing the actual results against the expected or desired outcomes.

  • From the UI: This can involve logging into the user interface and checking the configuration settings, monitoring the logs and flows, and comparing the actual results against the expected or desired outcomes.

Both methods can be used to ensure that the system is properly configured and working as intended.
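
A collector-side check in the spirit of the first method, added here as an example and not part of Seceon's documentation or tooling: it parses the sFlow version 5 datagram header received on UDP 6343 and compares both the UDP sender and the agent address in the header with the expected switch IP. The address 192.0.2.10, the function names, and a host where UDP 6343 is not already bound by another process are assumptions.

```python
import ipaddress
import socket
import struct

SFLOW_PORT = 6343  # UDP port configured for the collector on this page


def parse_sflow_header(datagram: bytes) -> dict:
    """Parse the fixed header of an sFlow version 5 datagram."""
    if len(datagram) < 8:
        raise ValueError("datagram too short for an sFlow header")
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported sFlow version {version}")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4 agent, 2 = IPv6 agent
    if addr_len is None:
        raise ValueError(f"unknown agent address type {addr_type}")
    if len(datagram) < 8 + addr_len + 16:
        raise ValueError("truncated sFlow header")
    agent = ipaddress.ip_address(datagram[8:8 + addr_len])
    sub_agent, sequence, uptime_ms, samples = struct.unpack_from(
        "!IIII", datagram, 8 + addr_len)
    return {"agent": str(agent), "sub_agent": sub_agent, "sequence": sequence,
            "uptime_ms": uptime_ms, "samples": samples}


def check_source(datagram: bytes, udp_source: str, expected_ip: str) -> list:
    """Return a list of problems; an empty list means the source matches."""
    header = parse_sflow_header(datagram)
    problems = []
    if udp_source != expected_ip:
        problems.append(f"UDP source {udp_source} is not {expected_ip}")
    if header["agent"] != expected_ip:
        problems.append(f"agent address {header['agent']} is not {expected_ip}")
    return problems


# Constructed sample: header of a v5 datagram from agent 192.0.2.10, 0 samples.
SAMPLE = struct.pack("!II4sIIII", 5, 1, socket.inet_aton("192.0.2.10"),
                     0, 42, 360000, 0)

if __name__ == "__main__":
    # Assumption: nothing else on this host is bound to UDP 6343.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", SFLOW_PORT))
    sock.settimeout(120)  # polling-interval is 60 s, so wait two intervals
    data, (src, _) = sock.recvfrom(65535)
    print(src, parse_sflow_header(data), check_source(data, src, "192.0.2.10"))
```

A timeout here means no datagram reached the host within two polling intervals, which points at the firewall rule for port 6343 or the collector address configured on the switch.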

Using UI

STEP 1: Log in to UI >> System

STEP 2: >> Logs and flows collection status

STEP 3: >> To verify the source device IP from the UI:

  • Log in to the user interface

  • Navigate to the "System" section

  • Look for the "Source Device IP"

  • Check the IP address that is displayed

  • Compare the IP address displayed against the expected source device IP

This confirms that the system is identifying the source device correctly and that its IP address matches the expected one.
