Data Center Technologists

Juniper Content Pack for VMware vRealize Log Insight: Securing Software-Defined Data Center Networks Using Logs

by Juniper Employee on ‎01-02-2016 08:31 PM

Juniper Networks’ next-generation security solution, using SRX Series physical or vSRX virtual firewalls, provides rich perimeter, content and application security features to meet the needs of cloud deployments. Logs are one of the key sources of security information for cloud administrators, and the SRX/vSRX generate very rich security logs that help users monitor, debug and perform detailed threat analysis.

 

VMware vRealize Log Insight provides scalable log aggregation and indexing with near real-time search and analytics capabilities. Juniper’s content pack for vRealize Log Insight provides a common dashboard with widgets to manage syslog from switching, security and routing platforms.  The content pack also supports custom dashboards for integrating the rich log analytics features of vRealize Log Insight with the SRX/vSRX security logging capabilities, further helping cloud administrators monitor and analyze security logs.

 

Key Features

Juniper’s Log Insight content pack provides a rich set of built-in dashboards, predefined extracted fields, and prebuilt queries and alerts, providing monitoring and analysis of security logs.  This gives data center administrators the in-depth visibility needed in dynamic cloud environments.

 

Built-in dashboards: Juniper’s Log Insight content pack includes built-in dashboards for monitoring attack flows, flow sessions, bandwidth utilization and packet drops. These dashboards help cloud administrators monitor key flow level and application level behaviors, as well as detect potential attacks, threats and spam events in the network.

The Juniper Log Insight content pack dashboards include a set of widgets that report key data points related to a given area.  Dashboards are provided for attack flows, flow sessions, bandwidth details and packet drops.

The General dashboard includes the Top Flow and Events, Denied Flows, and Blocked and Permitted Websites widgets, along with other information (see screen shot below).

 

 

The Attack Flows dashboard shows attacks by service, application and protocol types.

 

The Flow Sessions dashboard reports sessions created/closed by source and destination IP addresses and ports. 

 

The Bandwidth dashboard shows bandwidth utilization by client and server, both in the form of bytes and as a number of packets, segregated by service types.

Apart from the above default dashboards, cloud administrators can create their own personal dashboards in the Juniper Log Insight content pack to analyze and view other security log details.

 

Interactive Log Analysis: Juniper’s Log Insight content pack includes predefined extracted fields that provide cloud administrators with a detailed view of security logs. Users can drill down into each dashboard to view additional logs and field contents.

 

Predefined Alerts: Juniper’s Log Insight content pack includes predefined alerts that continuously warn cloud administrators about potential attacks, threats and spam.

 

Summary

The Juniper Networks Log Insight content pack contains custom dashboards, fields and queries specific to Juniper SRX/vSRX security solutions, enabling customers to view and analyze logs from Juniper’s next-generation security solution using VMware vRealize Log Insight 3.0 GA.  With the Juniper solution, cloud administrators can now monitor, debug and perform threat analysis for applications in their data center using a single interface.

 

The Log Insight content pack offers common dashboards that can be used to manage Juniper switching and routing syslogs.  These capabilities can also be selectively extended through custom dashboards, fields and queries to perform detailed log analysis of Juniper switching and routing solutions used in cloud deployments.

 

How to Download

Juniper’s content pack for VMware vRealize Log Insight is available for download in the VMware vRealize Log Insight Marketplace.  The content pack can be found in the Marketplace menu for VMware vRealize Log Insight from Release 3.0 onwards (see screen shot below).

 

Comments
by anthonyw
on ‎05-27-2016 06:21 PM

Please advise how to configure logs from the Juniper to Log Insight. I installed the Juniper security content and went to the Juniper to point the IP to the VMware Log Insight, but I see no info flowing to Log Insight. Thanks.

by jhosee
on ‎09-14-2016 07:08 PM

bump for @anthonyw, I have this same issue as well.

by tphakala
on ‎04-15-2017 01:08 AM

You must set 'structured-data' for LogInsight host for this content pack to work.

 

set system syslog host LOGINSIGHT.DOMAIN.NAME structured-data
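
A way to check the setting from the last comment on the collector side, as an added example that is not part of the original post or of the content pack: it parses syslog lines in the RFC 5424 layout that Junos emits with `structured-data` and counts how many captured lines actually carry named fields. The sample lines, host name, SD-ID suffix and policy name are constructed for illustration.

```python
import re

# RFC 5424 header: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD + MSG
HEADER = re.compile(r'^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$', re.S)
SD_ID = re.compile(r'\[([^\s="\]]+)')
# One SD-PARAM: name="value"; inside a value, ", \ and ] are backslash-escaped
PARAM = re.compile(r'\s+([^\s="\]]+)="((?:\\.|[^"\\\]])*)"')

def parse_structured(line):
    """Return header and SD-PARAM fields, or None when the line is not
    RFC 5424 carrying at least one well-formed structured-data element."""
    m = HEADER.match(line)
    if not m:
        return None                      # e.g. traditional BSD-style syslog
    pri, ts, host, app, _procid, msgid, rest = m.groups()
    if not rest.startswith('['):
        return None                      # "-" (no structured data) or free text
    rec = {'facility': int(pri) >> 3, 'severity': int(pri) & 7, 'timestamp': ts,
           'host': host, 'app': app, 'event': msgid, 'fields': {}}
    pos = 0
    while pos < len(rest) and rest[pos] == '[':
        sd = SD_ID.match(rest, pos)
        if not sd:
            return None
        pos = sd.end()
        while (p := PARAM.match(rest, pos)):
            rec['fields'][p.group(1)] = re.sub(r'\\(["\\\]])', r'\1', p.group(2))
            pos = p.end()
        if pos >= len(rest) or rest[pos] != ']':
            return None                  # truncated or malformed element
        pos += 1
    return rec

def structured_share(lines):
    """(structured, unstructured) counts for lines captured at the collector."""
    ok = sum(1 for line in lines if parse_structured(line))
    return ok, len(lines) - ok

# Constructed sample lines (documentation address ranges, made-up names).
STRUCTURED = ('<14>1 2016-01-02T20:31:00.000Z vsrx-1 RT_FLOW - RT_FLOW_SESSION_DENY '
              '[junos@2636.1.1.1.2.129 source-address="192.0.2.10" source-port="51515" '
              'destination-address="198.51.100.20" destination-port="23" '
              'policy-name="deny-telnet"]')
TRADITIONAL = ('<14>Jan  2 20:31:00 vsrx-1 RT_FLOW: RT_FLOW_SESSION_DENY: session '
               'denied 192.0.2.10/51515->198.51.100.20/23')

if __name__ == '__main__':
    print(parse_structured(STRUCTURED)['fields'])
    print(structured_share([STRUCTURED, TRADITIONAL]))
```

If every captured line lands in the unstructured count, the device is still sending traditional syslog to that host and there are no named fields for dashboards to read.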
