Juniper Networks Firewall and VPN
The Juniper Networks Firewall and VPN DSM for JSA accepts Juniper Firewall and VPN events by using UDP syslog.
JSA records all relevant firewall and VPN events.
TCP syslog is not supported. You must use UDP syslog.
You can configure your Juniper Networks Firewall and VPN device to export events to JSA.
Log in to your Juniper Networks Firewall and VPN user interface.
Select Configuration > Report Settings > Syslog.
Select the Enable Syslog Messages check box.
Type the IP address of your JSA console or Event Collector.
Click Apply.
You are now ready to configure the log source in JSA.
Configuring JSA to Receive Events
You can configure JSA to receive events from a Juniper Networks Firewall and VPN device.
From the Log Source Type list, select the Juniper Networks Firewall and VPN option.
For more information about your Juniper Networks Firewall and VPN device, see your Juniper documentation.
Juniper Networks Firewall Sample Event Message
Use this sample event message to verify a successful integration with JSA.
Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Juniper Networks Firewall and VPN sample message when you use the syslog protocol
The following sample event message shows that a user is successfully added to a group.
<164>TSSP-IM-VFW-008: NetScreen device_id =TSSP-IM-VFW-008 [Root]system-warning-00515: Admin user expect has logged on via Telnet from 10.12.2.5 : 37314 (2012-07-25 11:50:21)
JSA field name | Highlighted payload field name |
---|---|
Source IP | 10.12.2.5 |
Source Port | 37314 |
Event Category | NetScreen device_id |
Event Name | Admin + logged on via Telnet |
Event ID | Admin + user + logged on via Telnet |
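
The following Python example is added here and is not from the Juniper documentation. It removes the carriage return and line feed characters from the pasted sample, extracts the payload fields that the table above maps to JSA fields, and can send the event as one UDP syslog datagram. The regular expression, its group names, the function names, and UDP port 514 are assumptions; the expression covers only the admin logon message shown on this page.

```python
import re
import socket

# Sample payload from this page. The CR/LF in the middle is constructed here
# to imitate the wrapped form that a copy and paste can produce.
SAMPLE = (
    "<164>TSSP-IM-VFW-008: NetScreen device_id =TSSP-IM-VFW-008 "
    "[Root]system-warning-00515: Admin user expect has logged on via \r\n"
    "Telnet from 10.12.2.5 : 37314 (2012-07-25 11:50:21)"
)

# Assumed pattern for the admin logon message only; group names are hypothetical.
EVENT_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<host>\S+): "
    r"NetScreen device_id\s*=\s*(?P<device_id>\S+) "
    r"\[(?P<scope>[^\]]+)\](?P<msg_type>[a-z]+-[a-z]+-\d+): "
    r"Admin user (?P<admin>\S+) has logged on via (?P<method>\S+) "
    r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) ?: ?(?P<src_port>\d+) "
    r"\((?P<timestamp>[^)]+)\)$"
)

def normalize(payload):
    """Remove carriage return and line feed characters, as the page instructs."""
    return re.sub(r"[\r\n]", "", payload).strip()

def parse_event(payload):
    """Return the fields of an admin logon event, or None if it does not match."""
    match = EVENT_RE.match(normalize(payload))
    if match is None:
        return None
    fields = match.groupdict()
    # Syslog priority value = facility * 8 + severity.
    fields["facility"], fields["severity"] = divmod(int(fields.pop("pri")), 8)
    fields["src_port"] = int(fields["src_port"])
    return fields

def send_udp(payload, collector, port=514):
    """Send one event as a single UDP datagram (port 514 is an assumption)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(normalize(payload).encode("ascii"), (collector, port))

if __name__ == "__main__":
    for name, value in sorted(parse_event(SAMPLE).items()):
        print(f"{name}: {value}")
```

Calling send_udp with the address of your JSA console or Event Collector sends the normalized sample as a test event, which you can then look for in JSA.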