CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Juniper SRX Log-Parser

  1. #1
    Join Date
    2008-01-25
    Location
    Karlsruhe / Germany
    Posts
    15
    Rep Power
    0

    Juniper SRX Log-Parser

    Hi there,

    SmartLog is very sexy, so I will try to move other vendors' firewall logs to the SmartLog database, too.
    First I tried with Cisco ASA. Out of the box it looked good so far.
    Next I tried Juniper SRX, but there the result was unconvincing.

    I learned that I need to build a parser using the Eventia Log Parsing Editor.

    The first try failed.
    Anyone with SRX Log Parser experience in here? :o)

    BR
    Sven

  2. #2
    Join Date
    2014-11-14
    Location
    Ottawa Canada
    Posts
    364
    Rep Power
    4

    Re: Juniper SRX Log-Parser

    You might find a bit more information from Juniper... In the end, it is their logs you need to learn how to parse, and they (should) know how their logs are set up.

    But that is an interesting proposition...

  3. #3
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,476
    Rep Power
    8

    Re: Juniper SRX Log-Parser

    Quote, originally posted by Chili:
    > Hi there,
    >
    > SmartLog is very sexy, so I will try to move other vendors' firewall logs to the SmartLog database, too.
    > First I tried with Cisco ASA. Out of the box it looked good so far.
    > Next I tried Juniper SRX, but there the result was unconvincing.
    >
    > I learned that I need to build a parser using the Eventia Log Parsing Editor.
    >
    > The first try failed.
    > Anyone with SRX Log Parser experience in here? :o)
    >
    > BR
    > Sven

    Here is a pretty darn in-depth howto for creating customer parsers using VMware NSX firewall logs as an example.

    Redirecting NSX firewall syslogs into SmartLog

    Agree though that you need to understand how the logs are formatted as well.

  4. #4
    Join Date
    2006-09-26
    Posts
    3,053
    Rep Power
    15

    Re: Juniper SRX Log-Parser

    Quote, originally posted by jflemingeds:
    > Here is a pretty darn in-depth howto for creating customer parsers using VMware NSX firewall logs as an example.
    >
    > Redirecting NSX firewall syslogs into SmartLog
    >
    > Agree though that you need to understand how the logs are formatted as well.

    What's wrong with Splunk? The best product on the market bar none. I was not a fan of Splunk before but I am a big fan of Splunk now. multi-vendors

  5. #5
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,476
    Rep Power
    8

    Re: Juniper SRX Log-Parser

    Quote, originally posted by cciesec2006:
    > What's wrong with Splunk? The best product on the market bar none. I was not a fan of Splunk before but I am a big fan of Splunk now. multi-vendors

    Other than it's not included in the price of the management server, nothing I would say.

  6. #6
    Join Date
    2008-01-25
    Location
    Karlsruhe / Germany
    Posts
    15
    Rep Power
    0

    Re: Juniper SRX Log-Parser

    There is no problem with Splunk. The only issue is: Splunk is not available in my environment atm, but the Check Point Logserver is already there and has a lot of unused resources. ;o)
