Data Center Technologists

Juniper Content Pack for VMware vRealize Log Insight: Securing Software-Defined Data Center Networks Using Logs

by Juniper Employee on ‎01-02-2016 08:31 PM

Juniper Networks’ next-generation security solution, using SRX Series physical or vSRX virtual firewalls, provides rich perimeter, content and application security features to meet the needs of cloud deployments. Logs are one of the key sources of security information for cloud administrators, and the SRX/vSRX generate very rich security logs that help users monitor, debug and perform detailed threat analysis.

 

VMware vRealize Log Insight provides scalable log aggregation and indexing with near real-time search and analytics capabilities. Juniper’s content pack for vRealize Log Insight provides a common dashboard with widgets to manage syslog from switching, security and routing platforms.  The content pack also supports custom dashboards for integrating the rich log analytics features of vRealize Log Insight with the SRX/vSRX security logging capabilities, further helping cloud administrators monitor and analyze security logs.

 

Key Features

Juniper’s Log Insight content pack provides a rich set of built-in dashboards, predefined extracted fields, and prebuilt queries and alerts, providing monitoring and analysis of security logs.  This gives data center administrators the in-depth visibility needed in dynamic cloud environments.

 

Built-in dashboards: Juniper’s Log Insight content pack includes built-in dashboards for monitoring attack flows, flow sessions, bandwidth utilization and packet drops. These dashboards help cloud administrators monitor key flow level and application level behaviors, as well as detect potential attacks, threats and spam events in the network.

The Juniper Log Insight content pack dashboards include a set of widgets that report key data points related to a given area.  Dashboards are provided for attack flows, flow sessions, bandwidth details and packet drops.

The General dashboard includes the Top Flow and Events, Denied Flows, and Blocked and Permitted Websites widgets, along with other information (see screen shot below).

General.png

 

 

The Attacks Flows dashboard shows attacks by service, application and protocol types.

Attacks Flow.png

 

The Flow Sessions dashboard reports sessions created/closed by source and destination IP addresses and ports. 

Sessions (Classified).png

 

The Bandwidth dashboard shows bandwidth utilization by client and server, both in the form of bytes and as a number of packets, segregated by service types.

Cliend Bandwidth (Summary).png

Apart from the above default dashboards, cloud administrators can create their own personal dashboards in the Juniper Log Insight content pack to analyze and view other security log details.

 

Interactive Log Analysis: Juniper’s Log Insight content pack includes predefined extracted fields that provide cloud administrators with a detailed view of security logs. Users can drill down into each dashboard to view additional logs and field contents.

InteractiveAnal.png

 

Predefined Alerts: Juniper’s Log Insight content pack includes predefined alerts that continuously warn cloud administrators about potential attacks, threats and spam.

Alerts.png

 

Summary

The Juniper Networks Log Insight content pack contains custom dashboards, fields and queries specific to Juniper SRX/vSRX security solutions, enabling customers to view and analyze logs from Juniper’s next-generation security solution using VMware vRealize Log Insight 3.0 GA.  With the Juniper solution, cloud administrators can now monitor, debug and perform threat analysis for applications in their data center using a single interface.

 

The Log Insight content pack offers common dashboards that can be used to manage Juniper switching and routing syslogs.  These capabilities can also be selectively extended through custom dashboards, fields and queries to perform detailed log analysis of Juniper switching and routing solutions deployed in cloud deployments.

 

How to Download

Juniper’s content pack for VMware vRealize Log Insight is available for download in the VMware vRealize Log Insight Marketplace.  The content pack can be found in the Marketplace menu for VMware vRealize Log Insight from Release 3.0 onwards (see screen shot below).

Marketplace.png

 

Comments
by anthonyw
on ‎05-27-2016 06:21 PM

Please advise how to config logs from to Log Insight. I installed the Juniper security content and went to the Juniper and pointed the IP to the VMware Log Insight, but see no info flowing to Log Insight. Thanks.

by jhosee
on ‎09-14-2016 07:08 PM

bump for @anthonyw, I have this same issue as well.

by tphakala
on ‎04-15-2017 01:08 AM

You must set 'structured-data' for the Log Insight host for this content pack to work.

 

set system syslog host LOGINSIGHT.DOMAIN.NAME structured-data
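
Added example (not part of the original post, the comments, or Juniper's content pack): a check a receiver-side administrator can run over captured syslog to confirm that the SRX is sending RFC 5424 structured-data, the key="value" form that field extraction depends on, and to tally denied flows by source. The sample lines, host name, SD-ID and field values are constructed for illustration; the field names are assumed to follow the SRX structured-data convention.

```python
import re
from collections import Counter

# RFC 5424 header: <PRI>1 TIMESTAMP HOST APP PROCID MSGID, then structured data.
HEADER = re.compile(r'^<\d{1,3}>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$', re.S)
PARAM = re.compile(r' ([^\s=\]"]+)="((?:\\.|[^"\\])*)"')
SD_ELEM = re.compile(r'\[([^\s=\]"]+)((?:' + PARAM.pattern + r')*)\]')

# Constructed sample lines (host, addresses, SD-ID and policies are made up).
SAMPLE = [
    '<14>1 2017-04-15T01:08:00.000Z vsrx1 RT_FLOW - RT_FLOW_SESSION_DENY '
    '[junos@2636.1.1.1.2.129 source-address="10.0.0.5" source-port="51234" '
    'destination-address="192.0.2.10" destination-port="23" policy-name="deny-all"]',
    '<14>1 2017-04-15T01:08:01.000Z vsrx1 RT_FLOW - RT_FLOW_SESSION_CREATE '
    '[junos@2636.1.1.1.2.129 source-address="10.0.0.7" source-port="40000" '
    'destination-address="192.0.2.20" destination-port="443" policy-name="web"]',
    # Default (non-structured) format: free text, no key="value" pairs.
    '<14>Apr 15 01:08:02 vsrx1 RT_FLOW: RT_FLOW_SESSION_DENY: session denied '
    '10.0.0.5/51236->192.0.2.10/23',
    '<14>1 2017-04-15T01:08:03.000Z vsrx1 RT_FLOW - RT_FLOW_SESSION_DENY '
    '[junos@2636.1.1.1.2.129 source-address="10.0.0.5" source-port="51237" '
    'destination-address="192.0.2.10" destination-port="22" policy-name="deny-all"]',
]

def parse(line):
    """Return the structured-data fields of one line, or None if it has none."""
    m = HEADER.match(line)
    if not m or not m.group(6).startswith('['):
        return None  # default format, or RFC 5424 with "-" for structured data
    sd = SD_ELEM.match(m.group(6))
    if not sd:
        return None
    # RFC 5424 escapes ", \ and ] inside parameter values with a backslash.
    fields = {k: re.sub(r'\\(["\\\]])', r'\1', v)
              for k, v in PARAM.findall(sd.group(2))}
    fields.update(host=m.group(2), event=m.group(5), sd_id=sd.group(1))
    return fields

def denied_by_source(lines):
    """Count RT_FLOW_SESSION_DENY events per source; also count unparsed lines."""
    counts, unparsed = Counter(), 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            unparsed += 1  # a high count suggests structured-data is not enabled
        elif rec["event"] == "RT_FLOW_SESSION_DENY":
            counts[rec.get("source-address", "?")] += 1
    return counts, unparsed

if __name__ == "__main__":
    print(denied_by_source(SAMPLE))
```

A non-zero unparsed count for lines coming from the firewall indicates the host is still sending the default format.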
