Monday, October 12, 2015

Junos Space Security Director - Part IV

The fourth part of this guide demonstrates how to configure SRX logging in Junos Space Security Director (version 14.1R3.4). It assumes that Junos Space, Security Director, an SRX, and a Log Collector are already deployed and operational. For steps on how to install Junos Space components, start here.
  1. Navigate to Devices -> Device Management, right-click on the SRX and select Device Configuration -> Modify Configuration -> Security Logging
  2. Set the mode to Stream (better for performance on the branch SRX and required on the high-end SRX), set the source address to the IP address of the SRX, and set the format to sd-syslog
  3. Click on the green "+" icon to add a new stream configuration
  4. Select Deploy and review the configuration changes to be deployed
  5. Select Approve and then Deploy
  6. Click on the job to verify successful deployment
You will then begin to see logged events under Event Viewer.
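
The following is an added example, not part of the original post or of Security Director: a small check that a candidate configuration, reviewed in step 4 or exported from the device as Junos `set` statements, carries the logging settings from step 2 and at least one stream from step 3. The stream name `SD-LOGS` and the 192.0.2.x addresses are placeholders, and both sample configurations are constructed.

```python
import re

# Constructed sample: the statements a reviewer would expect to see in step 4.
# The addresses and the stream name are placeholders, not values from the post.
GOOD = """\
set security log mode stream
set security log source-address 192.0.2.1
set security log format sd-syslog
set security log stream SD-LOGS host 192.0.2.50
"""

# Constructed sample: event mode, plain syslog format, no stream defined.
BAD = """\
set security log mode event
set security log format syslog
"""

def audit_security_log(config_text):
    """Return a list of findings; an empty list means the settings match the post."""
    settings, streams = {}, {}
    for line in config_text.splitlines():
        m = re.match(r"\s*set security log (\S+)\s+(.*\S)", line)
        if not m:
            continue
        key, rest = m.group(1), m.group(2).split()
        if key == "stream" and len(rest) >= 3 and rest[1] == "host":
            streams[rest[0]] = rest[2]      # stream name -> log collector address
        elif key != "stream":
            settings[key] = rest[0]         # mode, source-address, format, ...
    findings = []
    if settings.get("mode") != "stream":
        findings.append("mode is %r, expected 'stream'" % settings.get("mode"))
    if "source-address" not in settings:
        findings.append("source-address is not set")
    if settings.get("format") != "sd-syslog":
        findings.append("format is %r, expected 'sd-syslog'" % settings.get("format"))
    if not streams:
        findings.append("no stream with a host (log collector) is defined")
    return findings

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_security_log(cfg) or "OK")
```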