
Verifying the Syslog Messages from an SRX Series Device

 

Before you begin, you need the following information:

  • Define the IP address and port that the JIMS syslog server listens on.

  • Configure the JIMS server to collect syslog data whenever it detects the occurrence of a logoff event, logon event, or a change in value from the remote server session.

  • SRX Series device

To verify that JIMS can receive messages from a remote syslog client over UDP and TCP connections:

JIMS supports three types of syslog messages: logon, logoff, and modify.

  1. Verify that the syslog message is parsed as a logon message. If the syslog message is parsed as a logon message, a logon entry is sent to the SRX Series device. You can confirm this by checking the user firewall authentication entry that is generated on the SRX Series device:

    The SRX Series device displays an output similar to the following:

  2. If the syslog message is parsed as a logoff message, the corresponding authentication entry is deleted from the SRX Series device.
  3. If the syslog message is parsed as a modify message, the authentication entry can be updated on the SRX Series device.