
SysLog Juniper Devices with Splunk

SPLUNK: (usr/pwd: cloudkod/cloudkod)

Ubuntu:
wget -O splunk-8.0.1-6db836e2fb9e-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=8.0.1&product=splunk&filename=splunk-8.0.1-6db836e2fb9e-linux-2.6-amd64.deb&wget=true'

dpkg -i splunk-8.0.1-6db836e2fb9e-linux-2.6-amd64.deb
cd /opt/splunk/bin/
./splunk start
./splunk enable boot-start
sudo ./splunk status

CLI to add a data source (UDP 514 syslog input):
./splunk add udp 514 -sourcetype syslog
./splunk edit udp 514 -resolvehost true -auth admin:changeme

sudo ufw allow from any to any port 514

GUI: http://192.168.86.221:8000
-> Make it Free (500MB/day): Settings -> Licensing -> Choose Free license (restart Splunk: ok).

Search logs: host="10.10.1.9"


Juniper:
user@host# set system syslog host 10.10.10.1 any any
set system syslog file default-log-messages any warning
set system syslog file default-log-messages structured-data
user@host# show system syslog | display set

Additional:
user@host# set system syslog console any any -> you can open a console and watch all typed to console (too much data to watch!).
user@host# set system syslog console any info
set system syslog user * any info
set system syslog user root any any

user@host# show system syslog
user * {
any emergency;
}
host 192.168.86.221 {
any any;
}
host 10.10.10.1 {
any any;
}
file messages {
any error;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
file default-log-messages {
any warning;
structured-data;
}

[edit]
user@host#
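As an added example (not code from the original post), a Python parser for the two line formats a Junos device sends to the Splunk UDP 514 input configured above: classic BSD syslog and the RFC 5424 style lines produced when `structured-data` is enabled. It also applies the same `any <severity>` filter the `file default-log-messages any warning` statement applies on the device; the sample lines and hostnames are constructed.

```python
import re

SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]

# RFC 5424 style, what Junos emits with 'structured-data':
# <PRI>1 TIMESTAMP HOST PROCESS PID TAG [junos@2636... key="value"] MESSAGE
STRUCTURED_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) "
    r"(?P<pid>\S+) (?P<tag>\S+) (?P<sd>-|\[.*?\])\s?(?P<msg>.*)$")
# Classic BSD style: <PRI>Mon dd hh:mm:ss HOST PROCESS[PID]: MESSAGE
BSD_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>[^\[: ]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
SD_PARAM_RE = re.compile(r'(\S+?)="((?:[^"\\]|\\.)*)"')

# Constructed sample lines; hostnames are placeholders, not from a real device.
SAMPLE_LINES = [
    '<165>1 2007-02-15T09:17:15.719Z router1 mgd 3046 UI_DBASE_LOGOUT_EVENT '
    '[junos@2636.1.1.1.2.18 username="user"] User \'user\' exiting configuration mode',
    '<14>1 2020-01-15T10:03:40.512Z srx-lab RT_FLOW - RT_FLOW_SESSION_DENY '
    '[junos@2636.1.1.1.2.36 source-address="10.10.1.9" destination-address="192.168.86.221" '
    'protocol-id="17" reason="policy deny"] session denied',
    "<27>Jan 15 10:02:11 srx-lab chassisd[1234]: CHASSISD_FAN_FAILURE: Fan 1 failed",
    "not a syslog line",
]

def parse_line(line):
    """Return a dict of fields, or None if the line is not syslog."""
    m = STRUCTURED_RE.match(line) or BSD_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    pri = int(fields.pop("pri"))
    fields["facility"], fields["severity"] = divmod(pri, 8)  # PRI = facility*8 + severity
    fields["severity_name"] = SEVERITIES[fields["severity"]]
    if fields.get("sd") and fields["sd"] != "-":
        # Expand the [junos@... key="value"] block into top-level fields.
        fields.update(dict(SD_PARAM_RE.findall(fields["sd"])))
    return fields

def passes(fields, level):
    """True if the event survives a Junos 'any <level>' filter, e.g. 'any warning'."""
    return fields["severity"] <= SEVERITIES.index(level)

def select_events(lines, level="debug"):
    """Parse lines and keep those at or above the given severity; drop non-syslog."""
    return [f for f in map(parse_line, lines) if f and passes(f, level)]
```

Calling `select_events(SAMPLE_LINES, "warning")` returns only the CHASSISD_FAN_FAILURE event, the same subset the device's `any warning` file filter would keep, while `host 10.10.10.1 any any` forwards all three.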
