    Logging and Reporting Overview

    The Junos Space Security Director Logging and Reporting module enables log collection across multiple SRX Series devices and enables log visualization.

    You can use either Security Director Log Collector or Juniper Secure Analytics (JSA) as a Log Collector. For details on deploying and configuring JSA, see the Juniper Secure Analytics documentation.

    The Logging and Reporting module provides:

    • Device health and events monitoring.
    • Visualization of security events resulting from complex and dynamic firewall policies, using the dashboard and event viewer.
    • Device health monitoring of CPU and memory.
    • Alert notification about specific events or upon attaining threshold limits.
    • Scalable virtual machine (VM) based log collection and log collector management.

    Logging

    Logs, also called event logs, provide vital information for managing network security incident investigation and response. Logging provides the following features:

    • Receives events from SRX Series devices and application logs.
    • Stores events for a defined period of time or a set volume of data.
    • Parses and indexes logs to help speed up searching.
    • Provides queries and helps in data analysis and historical events investigation.

    You must configure Security Director and SRX Series devices to receive logs. Select Security Director > Devices > Device Management to configure syslog to receive SRX Series device logs.

    For more information, see the following topics:

    Log Director

    Log Director is a plug‐in on the Junos Space Network Management Platform that is used for system log data collection for SRX Series devices running Junos OS. Log Director consists of two components: the Junos Space plug‐in application, and the VM deployment of log receivers and log storage nodes.

    Log Collectors store the logs on the hard disk, and the storage size depends on the VM or JA2500 deployment. When the allocation threshold is exceeded, the oldest log file in the directory is deleted to make room for new system logging messages. To permanently store system logging messages, you must archive them to an external device.

    Modified: 2017-03-09