Create a Remote Log Source (Juniper)
To obtain Log Relay and to configure your account for remote log collection, you must have the following AMP permissions added to your account:
- Write Virtual Machine
- Delete Log Management
- Read Log Endpoints
- Read Log Relays
- Write Log Relays
- Delete Log Relays
You can use this document to send Juniper logs to Armor's Security Information & Event Management (SIEM).
This document only applies to:
- SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650, vSRX
- Juniper SRX (JUNOS 15.X)
- Juniper SRX (JUNOS 17.X)
- Juniper SRX (JUNOS 18.X)
- Juniper SRX (JUNOS 19.X)
Pre-Deployment Considerations
To create a remote Log Relay, you must already have:
- Added Log Relay to your account
  - To learn how to add Log Relay to your account, see Obtain Log Relay for Remote Log Collection.
- Configured the system clock
Update Your Juniper Device
Troubleshooting
Verify that logs are formatted correctly, similar to the following example:
May 22 2019 16:11:55 asav-984 : %ASA-4-411004: Interface Management0/0, changed state to administratively down
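One way to run this check over lines captured on the collector, as an added example that is not Armor's own tooling. The layout is inferred from the sample line above, and `check_line`, `max_skew` and the reference time are hypothetical; the skew test reflects the system clock prerequisite listed earlier.

```python
import re
from datetime import datetime, timedelta

# Layout inferred from the sample line on this page (an assumption, not a spec):
#   "<Mon> <DD> <YYYY> <HH:MM:SS> <hostname> : <message>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>[A-Za-z0-9._-]+) : (?P<msg>\S.*)$"
)

def check_line(line, now, max_skew=timedelta(minutes=5)):
    """Return (ok, reason) for one received log line.

    now      -- reference time on the collector, same timezone as the device
    max_skew -- hypothetical tolerance; choose one that suits your environment
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return False, "layout mismatch"
    try:
        # Collapse padding such as "May  2" before parsing.
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %Y %H:%M:%S")
    except ValueError:
        return False, "invalid timestamp"
    skew = abs(now - ts)
    if skew > max_skew:
        # A large gap usually means the device clock is not configured.
        return False, f"clock skew {skew}"
    return True, "ok"

# Sample line copied from this page.
PAGE_SAMPLE = ("May 22 2019 16:11:55 asav-984 : %ASA-4-411004: Interface "
               "Management0/0, changed state to administratively down")
# Constructed test inputs (not real device output).
NO_YEAR = "May 22 16:11:55 host-a : constructed message without a year"
BAD_DATE = "Feb 31 2019 10:00:00 host-a : constructed message"
SKEWED = "May 22 2019 09:11:55 host-a : constructed message"
NOW = datetime(2019, 5, 22, 16, 12, 30)  # constructed collector time

if __name__ == "__main__":
    for line in (PAGE_SAMPLE, NO_YEAR, BAD_DATE, SKEWED):
        print(check_line(line, NOW), "<-", line[:40])
```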
Additional Documentation
Review the following documentation from Juniper:
- SRX Getting Started - Configure Logging
- SRX Getting Started - Configure System Logging
- SRX Getting Started - Configure Traffic Logging (Security Policy Logs) for SRX Branch Devices
- Junos OS System Logging Facilities and Message Severity Levels