Hi Guys,
How can I send all information about traffic to my syslog server? I would like to display traffic stats for my company from the firewall, but my analytics software needs to get all of the information from the syslog server.
This is what I'm currently getting from the firewall:
{ "_index": "logstash-2016.06.14", "_type": "syslog", "_id": "AVVNtaanEZJEbJp5-VPH", "_score": null, "_source": { "message": "<14>Jun 14 07:50:52 smart-srx RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.0.100.19/46586->*****************/443 junos-https ****************/30207->***************/443 wifi-to-internet-r1 None 6 wifi-to-internet wifi internet 192616 N/A(N/A) ge-0/0/4.0 UNKNOWN UNKNOWN UNKNOWN", "@version": "1", "@timestamp": "2016-06-14T06:59:57.617Z", "type": "syslog", "host": "10.0.100.1", "syslog_severity_code": 5, "syslog_facility_code": 1, "syslog_facility": "user-level", "syslog_severity": "notice", "event": "RT_FLOW_SESSION_CREATE", "src-ip": "10.0.100.19", "src-port": "46586", "dst-ip": "****************", "dst-port": "443", "service": "junos-https", "nat-src-ip": "**************", "nat-src-port": "30207", "nat-dst-ip": "*************", "nat-dst-port": "443", "src-nat-rule-name": "wifi-to-internet-r1", "dst-nat-rule-name": "None", "protocol-id": "6", "policy-name": "wifi-to-internet", "from-zone": "wifi", "to-zone": "internet", "session-id": "192616" }, "fields": { "@timestamp": [ 1465887597617 ] }, "sort": [ 1465887597617 ] }
Thanks