ScreenOS Firewalls (NOT SRX)
Gavrilo

NSM log query performance

Gents,

I have a general enquiry regarding log searches and queries which, the more I think about it, could be extremely useful to many users with multiple Juniper firewalls. I should also warn you that although I am an experienced user with NetScreens I am a novice when it comes to NSM and have yet to read through the relevant Juniper documentation on this product.

I work for a third party company who manage customers with multiple Juniper NetScreen firewalls which in turn are managed through NSM. One of the problems I have encountered is with log analysis, as it is extremely long-winded trawling through a day's worth of logs to find traffic flows.

My questions are:

  • Are there any ways to improve log searches, e.g. does selecting multiple fields improve or slow searching?
  • Are there any other Juniper or 3rd party tools which help with this?
  • Is there any method of querying the logs directly, e.g. SQL type queries, and if so how can it be done?

Thanks in advance,

Gavrilo

Automate

Re: NSM log query performance

Have you looked at our STRM product? That's precisely what it's intended for in the context of enhanced security monitoring.

You may also be able to use products like Splunk, ChainSaw, etc., but I don't know what sort of success people have had directly.

regards,

-Keith

Gavrilo

Re: NSM log query performance

Not yet but I will.

Thanks for the response.

Gavrilo

cglanville

Re: NSM log query performance

I would make sure you are at the latest version and also that the server has been rebooted in the last few months. I was running an older version on a server that had been up for over a year. I noticed a significant increase in performance after reboot and upgrade.

Also, I think it is a fairly RAM intensive application so upgrading your RAM couldn't hurt.
