Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  Syslog stream does not Contain Untrust Zone Deny or Reject traffic

    Posted 10-31-2012 22:22

    Hi all,

     

    We are currently setting up a SIEM service to help correlate events with our multitude of edge devices, which are primarily SSG140s and SSG5s. What we're particularly interested in is using our SIEM platform for alerting to external attacks and suchlike.

     

    My issue is that my syslog stream only contains "permit" traffic for anything that originates from the untrust zone.

     

    Is there a way to include "deny" or "reject" traffic from untrust (or other zones) in the syslog stream?

     

    Any thoughts gratefully received. Thanks.



  • 2.  RE: Syslog stream does not Contain Untrust Zone Deny or Reject traffic

    Posted 10-31-2012 22:58

    Hi,

     

    Easiest way to get all denied traffic logged is to create a "deny all" rule to global zone which has logging enabled.

    Also you might want to enable screening options in all the zones. There's plenty!



  • 3.  RE: Syslog stream does not Contain Untrust Zone Deny or Reject traffic

    Posted 11-01-2012 16:04

    Thanks Tero.

     

    Will give that a try.

     

    Is that rule from Global zone to Global zone?

     

    Cheers



  • 4.  RE: Syslog stream does not Contain Untrust Zone Deny or Reject traffic
    Best Answer

    Posted 11-02-2012 01:33

    Hi,

     

    Yes. Below is the line to do it in the CLI. I don't use the Web so much.

     

    set policy global name "Global DROP" from "Global" to "Global"  "Any-IPv4" "Any-IPv4" "ANY" deny log
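
To confirm from the SIEM side that a logged global deny policy like the one in the answer above is actually producing denied-traffic entries, this added example (not part of the thread) tallies ScreenOS traffic-log lines by source zone and action. The sample lines are constructed, and the key=value field layout is an assumption to check against your own device's syslog output.

```python
import re
from collections import Counter

# Constructed sample data. Assumption: traffic-log lines carry
# "src zone=... dst zone=... action=..." as on ScreenOS devices.
PREFIX = 'fw1: NetScreen device_id=fw1 [Root]system-notification-00257(traffic): '
BEFORE = [
    PREFIX + 'policy_id=12 service=http proto=6 src zone=Untrust dst zone=DMZ '
             'action=Permit src=198.51.100.7 dst=192.0.2.10 dst_port=80',
    PREFIX + 'policy_id=3 service=dns proto=17 src zone=Trust dst zone=Untrust '
             'action=Permit src=10.0.0.5 dst=203.0.113.53 dst_port=53',
    'fw1: NetScreen device_id=fw1 [Root]system-information: constructed non-traffic line',
]
# After adding the logged global deny policy (policy_id is a made-up value).
AFTER = BEFORE + [
    PREFIX + 'policy_id=999 service=tcp/port:3389 proto=6 src zone=Untrust '
             'dst zone=Trust action=Deny src=198.51.100.99 dst=10.0.0.20 dst_port=3389',
]

ZONE_RE = re.compile(
    r'src zone=(?P<src>.+?) dst zone=(?P<dst>.+?) action=(?P<action>\w+)')

def tally_actions(lines):
    """Count traffic-log entries per (source zone, lower-cased action)."""
    counts = Counter()
    for line in lines:
        if '(traffic)' not in line:
            continue  # ignore event and system messages
        m = ZONE_RE.search(line)
        if m:
            counts[(m['src'], m['action'].lower())] += 1
    return counts

def zones_without_denies(counts):
    """Source zones that appear in the stream but never with deny/reject."""
    zones = {zone for zone, _ in counts}
    return sorted(z for z in zones
                  if counts[(z, 'deny')] + counts[(z, 'reject')] == 0)

if __name__ == '__main__':
    for label, lines in (('before', BEFORE), ('after', AFTER)):
        counts = tally_actions(lines)
        print(label, dict(counts), 'no denies from:', zones_without_denies(counts))
```

A zone that still shows up in the "no denies" list after the policy change either has no dropped traffic in the sample window or is still not logging denies.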