Current view: XpoLog V6. Available: XpoLog V5 and XpoLog V7 (Latest)


Integration of Juniper logs into XpoLog.

Prerequisites:

  A. Open the relevant ports (TCP/UDP) on the XpoLog machine.
  B. Create a syslog listener on the Listeners tab in XpoLog that will listen for and collect the logs from the Juniper machine.

Juniper Configurations:

Configure Juniper to send logs over syslog to the listener defined in XpoLog.

System Log - 

    I. For the Juniper syslog log, set its logTypes to ‘syslog,juniper,audit’.

    II. Apply the following pattern on the log (default pattern):

XPLG:[{timestamp:Timestamp,MM/dd/yyyy HH:mm:ss.SSS}] [{text:Facility}] [{priority:Level,DEBUG;INFO;WARN;ERROR;FATAL}] [{text:Source Device}] {block,start,emptiness=true}{text:Application Name}[{text:Process Id}]: {block,end,emptiness=true}{text:Device} {text:Process}{block,start,emptiness=true}[{text:ID}]{block,end,emptiness=true}: {regexp:User,ftype=username;refName=Message,(user '|User '|password for )[XPLG_PARAM([^\u0027f]+)].}{regexp:eventName,ftype=eventName;refName=Message,([A-Z][A-Z]+_[^:]\w+).+}{regexp:Host,ftype=sourceip;refName=message,(from |ssh-connection \u0027)[XPLG_PARAM([^\s]\d+\.\d+\.\d+\.\d+)].}{regexp:Status,ftype=status;refName=message,Error}{text:message,ftype=message;,}
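
The following is an added example, not part of the XpoLog documentation: a Python check of what the four regexp fields in the pattern above extract from constructed Juniper-style messages. It assumes that `[XPLG_PARAM(...)]` marks the sub-match kept as the field value and that Python's `re.search` behaves like XpoLog's regex engine here; `to_python`, `extract_fields` and the sample messages are hypothetical names and data.

```python
import re

# Regexp fields copied from the XpoLog pattern above (raw strings, so \u0027
# reaches the regex engine, which reads it as an apostrophe).
XPLG_FIELDS = {
    "User": r"(user '|User '|password for )[XPLG_PARAM([^\u0027f]+)].",
    "eventName": r"([A-Z][A-Z]+_[^:]\w+).+",
    "Host": r"(from |ssh-connection \u0027)[XPLG_PARAM([^\s]\d+\.\d+\.\d+\.\d+)].",
    "Status": r"Error",
}

def to_python(xplg_regex):
    # Assumption: [XPLG_PARAM(...)] marks the part of the match kept as the value.
    return re.compile(
        xplg_regex.replace("[XPLG_PARAM(", "(?P<value>").replace(")]", ")"))

COMPILED = {name: to_python(rx) for name, rx in XPLG_FIELDS.items()}

def extract_fields(message):
    """Return the value each of the four regexps pulls from one message."""
    out = {}
    for name, rx in COMPILED.items():
        m = rx.search(message)
        if not m:
            out[name] = None
        elif "value" in rx.groupindex:
            out[name] = m.group("value").strip()   # marked sub-match
        elif rx.groups:
            out[name] = m.group(1)                 # first capture group
        else:
            out[name] = m.group(0)                 # whole match
    return out

# Constructed sample messages (the text after "process[id]: "), not real logs.
SAMPLES = [
    "UI_LOGIN_EVENT: User 'admin' login, class 'super-user' [4321], "
    "ssh-connection '10.1.1.5 51234 10.1.1.1 22', client-mode 'cli'",
    "Accepted password for root from 192.168.1.20 port 2222 ssh2",
    "UI_LOGIN_EVENT: User 'jfoster' login, class 'read-only' [4400], "
    "ssh-connection '10.1.1.9 40022 10.1.1.1 22', client-mode 'cli'",
    "Error: authentication failure for user 'netops' from 10.2.3.4 port 22",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(extract_fields(msg))
```

Under those assumptions the third sample yields `j` for User, because the character class `[^\u0027f]` stops at the first `f`; compare usernames containing `f` against what the listener shows after parsing.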
 

For more information about the log fields, see the format conversion table below:

 

Field Name | Description | XpoLog Pattern | Ftype

 

  

 
