This document describes how to configure syslog on a Juniper firewall.
Configure syslog using J-Web
- Log in to the Juniper SRX device (J-Web).
- Click Configure > CLI Tools > Point and Click CLI in the Juniper SRX device.
- Expand System and click Syslog.
- On the Syslog page, click Add New Entry next to 'Host'.
- Enter the Forwarder IP address of the remote Syslog server.
- Click Apply to save the configuration.
NOTE: Juniper firewalls do not have a port option. By default, the Juniper firewall uses port 514 to forward logs to the Forwarder (syslog server).
Configure Security Policy using J-Web
To enable logging for a security policy:
- Select Configure > Security > Policy > FW Policies.
- Click on the policy for which you would like to enable logging.
- Navigate to Logging/Count and in Log Options, select Log at Session Close Time.
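The two J-Web procedures above, expressed as Junos CLI set commands. This is an added example, not part of the original document; the Forwarder address 192.0.2.10, the `any any` facility/severity selector, the zone names trust and untrust, and the policy name allow-outbound are assumptions to replace with your own values.

```junos
# Added example; all addresses and names below are placeholders (assumptions).
# Enter configuration mode first with: configure

# Syslog: send messages to the Forwarder (remote syslog server).
# "any any" (all facilities, all severities) is an assumed selector;
# the J-Web steps above do not state one.
set system syslog host 192.0.2.10 any any

# Security policy: log each session when it closes
# (J-Web: Logging/Count > Log Options > Log at Session Close Time).
set security policies from-zone trust to-zone untrust policy allow-outbound then log session-close

# Review the pending changes, validate them, then apply.
show | compare
commit check
commit
```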
Once the configuration is complete, validate the logs in Chronicle by searching with a regular expression such as (".*") or with a specific hostname. The search returns the log source types that are being ingested into Chronicle. The screenshot below is for reference.