This app is archived.
This is a simple package that provides more robust and detailed field extractions for Juniper SRX style firewall logs than I was able to find anywhere else. Wherever possible, the extracted fields follow the documented Splunk CIM available online. Note that these extractions were written expressly for the log format I was able to observe from our firewalls in testing; it is possible that your format does not match exactly, but as far as I'm aware, it should. Also note that this package adds an explicit sourcetype of "junos" and also maps the extractions to an auto-sourcetype we were seeing being created called "juniper_syslog". The package also adds a Splunk tag of "fw", intended to be used alongside an updated Juniper Netscreen Extractions add-on version, so that both can be searched with just "tag=fw". If "junos" already happens to be in use in your environment, you may want to alias it to something else.