Integration of Juniper logs into XpoLog

The Juniper analysis App automatically collects, reads, parses, analyzes and reports on all machine-generated log data of the device and presents a comprehensive set of graphs and reports for analyzing network and firewall log data. Use the predefined set of dashboards and gadgets to visualize IP distribution, user behavior, prominent events and logging trends in the network. This log analysis App helps you measure, troubleshoot and optimize the integrity, stability and quality of your network with its visualization and investigation dashboards.

Prerequisites:

  A. Open the relevant ports (TCP/UDP) on the XpoLog machine.
  B. Create a syslog listener on the Listeners tab in XpoLog that will listen for and collect the logs sent by the Juniper device.

F5 Juniper Configurations:

Configure Juniper to send logs over syslog to the listener defined in XpoLog

...

    II. Apply the following patterns on the log (default pattern):

XPLGs

First Pattern:

...

XPLG:[{timestamp:Timestamp,MM/dd/yyyy HH:mm:ss.SSS}] [{text:Facility}] [{priority:Level,DEBUG;INFO;WARN;ERROR;FATAL}] [{text:Source Device}] {block,start,emptiness=true}{text:Application Name}[{text:Process Id}]: {block,end,emptiness=true}{text:Device,ftype=device} {text:Process}{block,start,emptiness=true}[{text:ID}]{block,end,emptiness=true}: {regexp:User,ftype=username;refName=Message,(user '|User '|for user |password for )[XPLG_PARAM([^\u0027fu0027\s]+)].*}{regexp:eventName,ftype=eventName;refName=Message,([A-Z][A-Z]+_[^:]\w+).+}{regexp:HostSourceIP,ftype=sourceip;refName=message,(from address |from host \u0027|from |ssh-connection \u0027)[XPLG_PARAM([^\s\u0027]\d+\.\d+\.\d+\.\d+)].*}{regexp:Status,ftype=status;refName=message,Error}{regexp:Password Status,ftype=passstatus;refName=Message,(Accepted|Failed) password}{regexp:Command,ftype=command;refName=Message,command \u0027([^\u0027]+).*}{text:message,ftype=message;,}
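To show what the First Pattern extracts from a line, here is an added example that is not part of the XpoLog documentation or product: the header layout and the refName=Message extractors are rendered as Python regexes (an assumed approximation of the XPLG syntax, not XpoLog's own parser), and the two syslog lines are constructed, not captured from a real device.

```python
import re

# Header of the First Pattern as a Python regex (assumed rendering):
# [Timestamp] [Facility] [Level] [Source Device] App[Pid]: Device Process[ID]: message
HEADER = re.compile(
    r"^\[(?P<Timestamp>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3})\] "
    r"\[(?P<Facility>[^\]]*)\] "
    r"\[(?P<Level>DEBUG|INFO|WARN|ERROR|FATAL)\] "
    r"\[(?P<SourceDevice>[^\]]*)\] "
    r"(?:(?P<AppName>[^\[\s]+)\[(?P<ProcessId>\d+)\]: )?"   # the optional block
    r"(?P<Device>\S+) (?P<Process>[^\[:\s]+)(?:\[(?P<ID>[^\]]+)\])?: "
    r"(?P<message>.*)$"
)

# Message-level extractors mirroring the regexp fields of the First Pattern:
# (field name, ftype, regex whose group 1 is the XPLG_PARAM value).
EXTRACTORS = [
    ("User", "username", re.compile(r"(?:user '|User '|for user |password for )([^'\s]+)")),
    ("eventName", "eventName", re.compile(r"([A-Z][A-Z]+_[^:]\w+)")),
    ("HostSourceIP", "sourceip",
     re.compile(r"(?:from address |from host '|from |ssh-connection ')(\d+\.\d+\.\d+\.\d+)")),
    ("Status", "status", re.compile(r"(Error)")),
    ("Password Status", "passstatus", re.compile(r"(Accepted|Failed) password")),
    ("Command", "command", re.compile(r"command '([^']+)")),
]

def parse_line(line):
    """Return header fields plus any message fields found, or None if the header does not match."""
    m = HEADER.match(line)
    if not m:
        return None
    fields = {k: v for k, v in m.groupdict().items() if v is not None}
    for name, _ftype, rx in EXTRACTORS:
        hit = rx.search(fields["message"])
        if hit:
            fields[name] = hit.group(1)
    return fields

# Constructed sample lines in the listener's layout (hypothetical device and addresses).
SAMPLE = [
    "[03/15/2024 10:22:33.123] [auth] [INFO] [192.0.2.1] sshd[4711]: fw-edge sshd[4711]: "
    "Failed password for admin from 198.51.100.7 port 53344 ssh2",
    "[03/15/2024 10:22:40.004] [user] [INFO] [192.0.2.1] mgd[2345]: fw-edge mgd[2345]: "
    "UI_CMDLINE_READ_LINE: User 'admin', command 'show configuration '",
]

def failed_logins_by_source(lines):
    """Count Failed-password events per source IP, the kind of view the App's dashboards aggregate."""
    counts = {}
    for f in filter(None, map(parse_line, lines)):
        if f.get("Password Status") == "Failed":
            ip = f.get("HostSourceIP", "unknown")
            counts[ip] = counts.get(ip, 0) + 1
    return counts
```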
 

For more information about the log fields, see the format Conversion Table below:

Field Name | Description | XpoLog Pattern | Ftype

...

Second Pattern:

XPLG:[{timestamp:Timestamp,MM/dd/yyyy HH:mm:ss.SSS}] [{text:Facility}] [{priority:Level,DEBUG;INFO;WARN;ERROR;FATAL}] [{text:Source Device}] {block,start,emptiness=true}{text:Application Name}[{text:Process Id}]: {block,end,emptiness=true}{text:Device} {text:message,ftype=message;,}