
Juniper Networks Firewall

Chronicle can ingest Juniper Networks firewall security logs to visualize network traffic. The integration requires only a simple security log configuration on the firewall and a Chronicle Forwarder.

Chronicle Data Types

  • Firewall
  • Web Proxy

Configuration

Reference: https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-system-stream-security-log-revenue-port-setting.html

Enter the following commands from the CLI:

  • set security log mode stream
  • set security log source-address <Device-IP>
  • set security log stream cyderes host <CYCLOPS-IP>
  • set security log stream cyderes format sd-syslog
  • set security log stream cyderes category all

To confirm the security log configuration, run the following command:

  • show security log

You should see output similar to this:

mode stream;
source-address <Device-IP>;
stream cyderes {
    format sd-syslog;
    category all;
    host {
        <CYCLOPS-IP>;
    }
}
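
One way to check saved show security log output against the settings configured above, as an added example that is not part of the original page or of any Chronicle or Juniper tooling. The function names and the sample addresses (documentation ranges) are assumptions, and the parser handles only the brace syntax shown in the output above.

```python
import ipaddress
# Constructed sample: the output above with documentation-range IPs filled in.
SAMPLE = """\
mode stream;
source-address 192.0.2.1;
stream cyderes {
    format sd-syslog;
    category all;
    host {
        198.51.100.10;
    }
}
"""

def parse_junos(text):
    """Parse curly-brace Junos config text into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):                      # "stream cyderes {" opens a block
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}" and len(stack) > 1:        # close the current block
            stack.pop()
        elif line.endswith(";"):                    # "key value;" or bare "value;"
            key, _, value = line[:-1].strip().partition(" ")
            stack[-1][key] = value.strip()
        elif line:                                  # stray "}" or unknown syntax
            raise ValueError(f"unrecognised line: {raw!r}")
    if len(stack) != 1:
        raise ValueError("unclosed '{' block")
    return stack[0]

def is_ip(value):
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True

def check_security_log(text, stream="cyderes"):
    """Return a list of problems; empty means this page's settings are all present."""
    cfg = parse_junos(text)
    s = cfg.get(f"stream {stream}", {})
    return [msg for ok, msg in (
        (cfg.get("mode") == "stream", "mode is not stream"),
        (is_ip(cfg.get("source-address", "")), "source-address is not an IP address"),
        (s.get("format") == "sd-syslog", "stream format is not sd-syslog"),
        (s.get("category") == "all", "stream category is not all"),
        (any(is_ip(h) for h in s.get("host", {})), "stream has no valid host address"),
    ) if not ok]
```

An unfilled placeholder such as <CYCLOPS-IP> left in the configuration is reported as an invalid address rather than passing silently.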