Juniper Networks Security Binary Log Collector

 

The Juniper Security Binary Log Collector DSM for JSA can accept audit, system, firewall, and intrusion prevention system (IPS) events in binary format from Juniper SRX or Juniper Networks J Series appliances.

The Juniper Networks binary log file format is intended to increase performance when large amounts of data are sent to an event log. To integrate your device with JSA, you must configure your Juniper appliance to stream binary formatted events, then configure a log source in JSA.

Configuring the Juniper Networks Binary Log Format

Binary formatted events from Juniper SRX or J Series appliances are streamed to JSA over UDP. You must specify a unique port for streaming binary formatted events, because the standard syslog port for JSA cannot understand binary formatted events.

The default port that is assigned to JSA for receiving streaming binary events from Juniper appliances is port 40798.

Note

The Juniper Binary Log Collector DSM supports only events that are forwarded in Streaming mode. The Event mode is not supported.

  1. Log in to your Juniper SRX or J Series by using the command-line interface (CLI).
  2. Type the following command to edit your device configuration:

    configure

  3. Type the following command to configure the IP address and port number for streaming binary formatted events:

    set security log stream <Name> host <IP address> port <Port>

    Where:

    • <Name> is the name that is assigned to the stream.

    • <IP address> is the IP address of your JSA console or Event Collector.

    • <Port> is a unique port number that is assigned for streaming binary formatted events to JSA. By default, JSA listens for binary streaming data on port 40798. For a list of ports that are used by JSA, see the JSA Common Ports List technical note.

  4. Type the following command to set the security log format to binary:

    set security log stream <Name> format binary

    Where: <Name> is the name that you specified for your binary format stream in Step 3.

  5. Type the following command to enable security log streaming:

    set security log mode stream

  6. Type the following command to set the source IP address for the event stream:

    set security log source-address <IP address>

    Where: <IP address> is the IP address of your Juniper SRX Series or Juniper J Series appliance.

  7. Type the following command to save the configuration changes:

    commit

  8. Type the following command to exit the configuration mode:

    exit

The configuration of your Juniper SRX or J Series appliance is complete. You can now configure a log source in JSA.
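The check below is an added example, not part of the Juniper documentation: it audits the `set security log` lines from the procedure above against what this page requires (stream mode, binary format, a source address, the JSA host, and the Binary Collector Port). The stream name and addresses in the sample are constructed placeholders, and `parse` and `audit` are hypothetical helper names.

```python
import re

DEFAULT_BINARY_PORT = 40798  # JSA default binary listener named on this page

# Constructed sample: stream name and addresses are placeholders.
SAMPLE = """\
set security log mode event
set security log stream jsa-bin host 198.51.100.10 port 514
set security log stream jsa-bin format binary
"""

def parse(text):
    """Collect `set security log ...` settings into a dict."""
    cfg = {"mode": None, "source-address": None, "streams": {}}
    for line in text.splitlines():
        m = re.match(r"\s*set security log (.+)", line)
        if not m:
            continue
        tok = m.group(1).split()
        if tok[0] in ("mode", "source-address") and len(tok) == 2:
            cfg[tok[0]] = tok[1]
        elif tok[0] == "stream" and len(tok) >= 4:
            stream = cfg["streams"].setdefault(tok[1], {})
            if tok[2] == "format":
                stream["format"] = tok[3]
            elif tok[2] == "host":
                rest = tok[3:]
                for i, word in enumerate(rest):
                    if word == "port" and i + 1 < len(rest):
                        stream["port"] = int(rest[i + 1])
                    elif word != "port" and (i == 0 or rest[i - 1] != "port"):
                        stream["host"] = word
    return cfg

def audit(text, jsa_ip, binary_port=DEFAULT_BINARY_PORT):
    """Return a list of deviations from the procedure on this page."""
    cfg, problems = parse(text), []
    if cfg["mode"] != "stream":
        problems.append("mode is not 'stream' (Event mode is not supported)")
    if not cfg["source-address"]:
        problems.append("source-address is not set")
    binary = {n: s for n, s in cfg["streams"].items() if s.get("format") == "binary"}
    if not binary:
        problems.append("no stream uses 'format binary'")
    for name, s in binary.items():
        if s.get("host") != jsa_ip:
            problems.append(f"{name}: host is not {jsa_ip}")
        if s.get("port") != binary_port:
            problems.append(f"{name}: port {s.get('port')} is not Binary Collector Port {binary_port}")
    return problems
```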

Juniper Security Binary Log Collector Log Source Parameters for Juniper Networks Security Binary Log Collector

If JSA does not automatically detect the log source, add a Juniper Security Binary Log Collector log source on the JSA Console by using the Juniper Security Binary Log Collector protocol.

When using the Juniper Security Binary Log Collector protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Juniper Security Binary Log Collector events from Juniper Security Binary Log Collector:

Table 1: Juniper Security Binary Log Collector Log Source Parameters for the Juniper Security Binary Log Collector DSM

| Parameter | Value |
| --- | --- |
| Log Source Name | Type a name for your log source. |
| Log Source Description | Type a description for the log source. |
| Log Source type | Juniper Security Binary Log Collector |
| Protocol Configuration | Juniper Security Binary Log Collector |
| Log Source Identifier | Type an IP address or host name to identify the log source. The identifier address is the Juniper SRX or J Series appliance that generates the binary event stream. |
| Binary Collector Port | Specify the port number that is used by the Juniper Networks SRX or J Series appliance to forward incoming binary data to JSA. The UDP port number for binary data is the same port that is configured in “Configuring the Juniper Networks Binary Log Format”. |

If you edit the outgoing port number for the binary event stream from your Juniper Networks SRX or J Series appliance, you must also edit your Juniper log source and update the Binary Collector Port parameter in JSA.

To edit the port:

  • In the Binary Collector Port field, type the new port number for receiving binary event data.

  • Click Save.

The port update is complete and event collection starts on the new port number.