Current view: XpoLog V7 (Latest). Available: XpoLog V6 and XpoLog V5

Skip to end of metadata
Go to start of metadata

The Juniper analysis App automatically Collect - Read - Parse - Analyzes - Reports all machine generated log data of the server and presents a comprehensive set of graphs and reports to analyze network and firewall generated data. Use a predefined set of dashboards and gadgets to visualize and address the IP's distribution, users behavior, prominent events and logging trends in the network. This logs analysis App helps measure, troubleshoot, and optimize your network integrity, stability and quality with the several visualization and investigation dashboards.

Prerequisites:

  A. Open the relevant ports (TCP\UDP) on the XpoLog machine.
  B. Create a syslog listener on the listeners tab in XpoLog that will listen and collect the log from the Juniper machine.

Juniper Configurations:

Configure Juniper to send logs over Syslog to XpoLog defined listener

System Log - 

    I. For the syslog of the Juniper log, set the logTypes of the syslog to ‘syslog,juniper,audit’.

    II. Apply the following patterns on the log (default pattern):

s

First Pattern:
XPLG:[{timestamp:Timestamp,MM/dd/yyyy HH:mm:ss.SSS}] [{text:Facility}] [{priority:Level,DEBUG;INFO;WARN;ERROR;FATAL}] [{text:Source Device}] {block,start,emptiness=true}{text:Application Name}[{text:Process Id}]: {block,end,emptiness=true}{text:Device,ftype=device} {text:Process}{block,start,emptiness=true}[{text:ID}]{block,end,emptiness=true}: {regexp:User,ftype=username;refName=Message,(user '|User '|for user |password for )[XPLG_PARAM([^\u0027\s]+)].*}{regexp:eventName,ftype=eventName;refName=Message,([A-Z][A-Z]+_[^:]\w+).+}{regexp:SourceIP,ftype=sourceip;refName=message,(from address |from host \u0027|from |ssh-connection \u0027)[XPLG_PARAM([^\s\u0027]+)].*}{regexp:Status,ftype=status;refName=message,Error}{regexp:Password Status,ftype=passstatus;refName=Message,(Accepted|Failed) password}{regexp:Command,ftype=command;refName=Message,command \u0027([^\u0027]+).*}{text:message,ftype=message;,}

Second Pattern:
XPLG:[{timestamp:Timestamp,MM/dd/yyyy HH:mm:ss.SSS}] [{text:Facility}] [{priority:Level,DEBUG;INFO;WARN;ERROR;FATAL}] [{text:Source Device}] {block,start,emptiness=true}{text:Application Name}[{text:Process Id}]: {block,end,emptiness=true}{text:Device} {text:message,ftype=message;,}
  • No labels