Hi there,
A request to the forum here.
If possible, I would need brief, structured, anonymized syslog messages from the most important process modules such as RT_FLOW, RT_UTM, RT_IDP (IPS), RT_ATP etc.
Example:
<14>1 2012-11-18T09:56:58.806-07:00 INTERNET-ROUTER RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.41 source-address="192.168.1.102" source-port="58662" destination-address="8.8.8.8" destination-port="53" service-name="junos-dns-udp" nat-source-address="68.144.56.81" nat-source-port="55893" nat-destination-address="8.8.8.8" nat-destination-port="53" src-nat-rule-name="TRUST-INET-ACCESS" dst-nat-rule-name="None" protocol-id="17" policy-name="OUTBOUND-INTERNET-ACCESS" source-zone-name="TRUST" destination-zone-name="INTERNET" session-id-32="6316" username="N/A" roles="N/A" packet-incoming-interface="vlan.192"] session created 192.168.1.102/58662->8.8.8.8/53 junos-dns-udp 68.144.56.81/55893->8.8.8.8/53 TRUST-INET-ACCESS None 17 OUTBOUND-INTERNET-ACCESS TRUST INTERNET 6316 N/A(N/A) vlan.192
The background is as follows.
These syslog messages are used to create a new module for SRX / Junos for Filebeat (Elasticsearch). You can use the SIEM from Kibana (Elastic) to carry out a very precise analysis of the data. Quite similar to the existing firewall modules from Cisco, PAN-OS, Fortinet, Checkpoint and soon also Sophos XG.
It would be great if some of you would send me appropriate syslog messages.
I would like to thank you in advance for this.
Best regards
StefanS
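As an added example (not from the post above and not the Filebeat module's own code): a parser for the RFC 5424 structured-data form of the RT_FLOW_SESSION_CREATE message quoted in the post, plus a helper that rewrites every IPv4 address consistently so a captured line can be shared anonymized without breaking its structure. The sample line is constructed here with a shortened field set.

```python
import re

# Constructed sample line, modelled on the RT_FLOW_SESSION_CREATE message quoted in the post
# (a shortened field set; the addresses are not from any real device).
SAMPLE = ('<14>1 2012-11-18T09:56:58.806-07:00 INTERNET-ROUTER RT_FLOW - RT_FLOW_SESSION_CREATE '
          '[junos@2636.1.1.1.2.41 source-address="192.168.1.102" source-port="58662" '
          'destination-address="8.8.8.8" destination-port="53" service-name="junos-dns-udp" '
          'protocol-id="17" policy-name="OUTBOUND-INTERNET-ACCESS" source-zone-name="TRUST" '
          'destination-zone-name="INTERNET" session-id-32="6316" packet-incoming-interface="vlan.192"] '
          'session created 192.168.1.102/58662->8.8.8.8/53 junos-dns-udp')

# RFC 5424 header: PRI, VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID, MSGID, then SD-ELEMENT + MSG
HEADER_RE = re.compile(r'^<(?P<pri>\d{1,3})>(?P<version>\d) (?P<timestamp>\S+) (?P<hostname>\S+) '
                       r'(?P<appname>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$')
# One SD-ELEMENT; PARAM-VALUEs may contain an escaped "]", so only an unescaped "]" ends the element
SD_RE = re.compile(r'^\[(?P<sdid>[^\s\]]+)(?P<params>(?:[^\]\\]|\\.)*)\](?: (?P<msg>.*))?$')
PARAM_RE = re.compile(r'(?P<key>[\w.-]+)="(?P<value>(?:[^"\\]|\\.)*)"')
# Dotted quad not embedded in a longer dotted string, so the SD-ID junos@2636.1.1.1.2.41 is left alone
IPV4_RE = re.compile(r'(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?![\w.])')


def parse_junos_syslog(line):
    """Split an RFC 5424 line with one Junos SD-ELEMENT into header, SD-PARAM fields and message."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError('not an RFC 5424 syslog line')
    pri = int(m.group('pri'))
    event = {'facility': pri >> 3, 'severity': pri & 7,
             'timestamp': m.group('timestamp'), 'hostname': m.group('hostname'),
             'appname': m.group('appname'), 'msgid': m.group('msgid'),
             'procid': None if m.group('procid') == '-' else m.group('procid')}  # "-" is NILVALUE
    sd = SD_RE.match(m.group('rest'))
    if not sd:
        raise ValueError('missing or malformed structured-data element')
    event['sd_id'] = sd.group('sdid')
    # Undo the three RFC 5424 PARAM-VALUE escapes: \" \] \\
    event['fields'] = {k: v.replace('\\"', '"').replace('\\]', ']').replace('\\\\', '\\')
                       for k, v in PARAM_RE.findall(sd.group('params'))}
    event['message'] = sd.group('msg') or ''
    return event


def anonymize(line, mapping):
    """Replace every IPv4 address with a consistent pseudonym from 192.0.2.0/24 (RFC 5737 TEST-NET-1).
    Reuse the same mapping dict across lines so one real host keeps one pseudonym in the whole sample."""
    def pseudonym(m):
        return mapping.setdefault(m.group(0), '192.0.2.%d' % (len(mapping) + 1))
    return IPV4_RE.sub(pseudonym, line)
```

Run `anonymize` over each line with one shared mapping before sharing a capture; the output still parses with `parse_junos_syslog`, so field names, zones and session ids needed for module development survive.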