
Juniper Networks Junos OS

The Juniper Junos OS Platform DSM for JSA accepts events that use syslog, structured-data syslog, or PCAP (SRX Series only). JSA records all valid syslog or structured-data syslog events.

The Juniper Junos OS Platform DSM supports the following Juniper devices that are running Junos OS:

  • Juniper M Series Multiservice Edge Routing

  • Juniper MX Series Ethernet Services Router

  • Juniper T Series Core Platform

  • Juniper SRX Series Services Gateway

For information on configuring PCAP data that uses a Juniper Networks SRX Series appliance, see Configure the PCAP Protocol.

Note:

For more information about structured-data syslog, see RFC 5424 at the Internet Engineering Task Force: http://www.ietf.org/

Before you configure JSA to integrate with a Juniper device, you must forward data to JSA using syslog or structured-data syslog.

  1. Log in to your Juniper platform command-line interface (CLI).

  2. Include the following syslog statements at the set system hierarchy level:

    [set system]
    syslog {
        host (hostname) {
            facility <severity>;
            explicit-priority;
            any any;
            authorization any;
            firewall any;
        }
        source-address source-address;
        structured-data {
            brief;
        }
    }

    The following table lists and describes the configuration setting variables to be entered in the syslog statement.

    | Parameter | Description |
    |---|---|
    | host | Type the IP address or the fully qualified host name of your JSA. |
    | Facility | Define the severity of the messages that belong to the named facility with which it is paired. Valid severity levels are: Any, None, Emergency, Alert, Critical, Error, Warning, Notice, Info. Messages with the specified severity level and higher are logged. The levels from emergency through info are in order from highest severity to lowest. |
    | Source-address | Type a valid IP address configured on one of the router interfaces for system logging purposes. The source-address is recorded as the source of the syslog message sent to JSA. This IP address is specified in the host hostname statement at the set system syslog hierarchy level; however, this is not for messages directed to the other routing engine, or to the TX Matrix platform in a routing matrix. |
    | structured-data | Inserts structured-data syslog into the data. |

    You can now configure the log source in JSA.

    The following devices are auto discovered by JSA as Juniper Junos OS Platform devices:

    • Juniper M Series Multiservice Edge Routing

    • Juniper MX Series Ethernet Services Router

    • Juniper SRX Series

    • Juniper EX Series Ethernet Switch

    • Juniper T Series Core Platform

    Note:

    Due to logging similarities for various devices in the Junos OS family, expected events might not be received by the correct log source type when your device is automatically discovered. Review the automatically created log source for your device and then adjust the configuration manually. You can add any missed log source type or remove any incorrectly added log source type.
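To check which of the two formats a device is actually sending before you adjust the log source, the following added example (not part of the Juniper documentation) classifies a received line as structured-data syslog (RFC 5424) or standard syslog and extracts the header fields and structured-data parameters. The function name, host name, SD-ID and parameter names are assumptions made for illustration, and both sample lines are constructed.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(r"<(\d{1,3})>([1-9]\d?) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)", re.S)
# Legacy syslog: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
LEGACY = re.compile(r"<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)", re.S)
NAME = r'[^ =\]"]+'
# In a PARAM-VALUE the characters '"', '\' and ']' must be backslash-escaped.
VALUE = r'"((?:\\.|[^"\\\]])*)"'
SD_ELEMENT = re.compile(r"\[(" + NAME + r")((?: " + NAME + "=" + VALUE + r")*)\]")
SD_PARAM = re.compile(" (" + NAME + ")=" + VALUE)

# Constructed samples (not captured from a device); SD-ID and parameter names are made up.
SAMPLE_SD = ('<14>1 2024-10-14T10:16:59Z mx-example jservices - JSERVICES_SESSION_CLOSE '
             '[exampleSDID@32473 source-address="10.253.200.191" source-port="39718"] closed')
SAMPLE_LEGACY = "<14>Oct 14 10:16:59 mx-example jservices: JSERVICES_SESSION_CLOSE closed"

def parse_syslog(line):
    """Classify one received line and extract header fields and structured data."""
    line = line.rstrip("\r\n")
    m = RFC5424.fullmatch(line)
    if m:
        pri, _version, timestamp, host, _app, _procid, msgid, rest = m.groups()
        sd, pos = {}, 0
        while pos < len(rest) and rest[pos] == "[":
            element = SD_ELEMENT.match(rest, pos)
            if element is None:
                raise ValueError("malformed structured data at offset %d" % pos)
            sd[element.group(1)] = {
                name: re.sub(r'\\(["\\\]])', r"\1", value)
                for name, value in SD_PARAM.findall(element.group(2))}
            pos = element.end()
        fmt = "structured-data" if sd else "rfc5424-without-sd"
    else:
        m = LEGACY.fullmatch(line)
        if m is None:
            return {"format": "unknown"}
        pri, timestamp, host, _msg = m.groups()
        fmt, msgid, sd = "syslog", None, {}
    facility, severity = divmod(int(pri), 8)   # PRI = facility * 8 + severity
    return {"format": fmt, "facility": facility, "severity": severity,
            "timestamp": timestamp, "host": host, "event_id": msgid, "sd": sd}

if __name__ == "__main__":
    for sample in (SAMPLE_SD, SAMPLE_LEGACY):
        print(parse_syslog(sample))
```
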

Syslog Log Source Parameters for Juniper Junos OS

If JSA does not automatically detect the log source, add a Juniper Junos OS log source on the JSA Console by using the Syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Syslog events from Juniper Junos OS:

Table 1: Syslog Log Source Parameters for the Juniper Junos OS DSM

| Parameter | Value |
|---|---|
| Log Source type | Juniper Junos OS Platform; Juniper M Series Multiservice Edge Routing; Juniper MX Series Ethernet Services Router; Juniper SRX Series Services Gateway; Juniper T Series Core Platform |
| Protocol Configuration | Syslog |

For more information about your Juniper device, see your vendor documentation.

Configure the PCAP Protocol

The Juniper SRX Series appliance supports forwarding of packet capture (PCAP) and syslog data to JSA.

Syslog data is forwarded to JSA on port 514. The IP address and outgoing PCAP port number are configured on the Juniper Networks SRX Series appliance interface. The Juniper Networks SRX Series appliance must be configured in the following format to forward PCAP data:

<IP Address>:<Port>

Where,

  • <IP Address> is the IP address of JSA.

  • <Port> is the outgoing port address for the PCAP data.

For more information about Configuring Packet Capture, see your Juniper Networks Junos OS documentation.

You are now ready to configure the new Juniper Networks SRX Log Source with PCAP protocol in JSA.

PCAP Syslog Combination Log Source Parameters for Juniper SRX Series

If JSA does not automatically detect the log source, add a Juniper SRX Series log source on the JSA Console by using the PCAP Syslog Combination protocol.

JSA detects the syslog data and adds the log source automatically. The PCAP data can be added to JSA as a Juniper SRX Series Services Gateway log source by using the PCAP Syslog Combination protocol. Adding the PCAP Syslog Combination protocol after JSA auto discovers the Junos OS syslog data adds a log source to your existing log source limit. Deleting the existing syslog entry and then adding the PCAP Syslog Combination protocol adds both syslog and PCAP data as a single log source.

When using the PCAP Syslog Combination protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect PCAP Syslog Combination events from Juniper SRX Series:

Table 2: PCAP Syslog Combination Log Source Parameters for the Juniper SRX Series DSM

| Parameter | Value |
|---|---|
| Log Source type | Juniper SRX Series Services Gateway |

Juniper Junos OS Sample Event Message

Use this sample event message to verify a successful integration with JSA.

Note:

Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Juniper MX Series Ethernet Services Router sample message when you use the Syslog protocol

The following sample event message shows that a member is successfully added to a group.

Table 3: Highlighted Fields

| JSA field name | Highlighted payload field name |
|---|---|
| Log Source Time | Oct 14 10:16:59 |
| Event ID | JSERVICES_SESSION_CLOSE |
| IP address | 10.253.200.191 |
| Source Port | 39718 |