Data Center Technologists
Juniper Content Pack for VMware vRealize Log Insight: Securing Software-Defined Data Center Networks Using Logs
09.14.16

Juniper Networks’ next-generation security solution, using SRX Series physical or vSRX virtual firewalls, provides rich perimeter, content and application security features to meet the needs of cloud deployments. Logs are one of the key sources of security information for cloud administrators, and the SRX/vSRX generate very rich security logs that help users monitor, debug and perform detailed threat analysis.

 

VMware vRealize Log Insight provides scalable log aggregation and indexing with near real-time search and analytics capabilities. Juniper’s content pack for vRealize Log Insight provides a common dashboard with widgets to manage syslog from switching, security and routing platforms.  The content pack also supports custom dashboards for integrating the rich log analytics features of vRealize Log Insight with the SRX/vSRX security logging capabilities, further helping cloud administrators monitor and analyze security logs.

 

Key Features

Juniper’s Log Insight content pack provides a rich set of built-in dashboards, predefined extracted fields, and prebuilt queries and alerts, providing monitoring and analysis of security logs.  This gives data center administrators the in-depth visibility needed in dynamic cloud environments.

 

Built-in dashboards: Juniper’s Log Insight content pack includes built-in dashboards for monitoring attack flows, flow sessions, bandwidth utilization and packet drops. These dashboards help cloud administrators monitor key flow-level and application-level behaviors, as well as detect potential attacks, threats and spam events in the network.

The Juniper Log Insight content pack dashboards include a set of widgets that report key data points related to a given area.  Dashboards are provided for attack flows, flow sessions, bandwidth details and packet drops.

The General dashboard includes the Top Flow and Events, Denied Flows, and Blocked and Permitted Websites widgets, along with other information (see screen shot below).

General.png

 

 

The Attacks Flows dashboard shows attacks by service, application and protocol types.

Attacks Flow.png

 

The Flow Sessions dashboard reports sessions created/closed by source and destination IP addresses and ports. 

Sessions (Classified).png

 

The Bandwidth dashboard shows bandwidth utilization by client and server, both in the form of bytes and as a number of packets, segregated by service types.

Cliend Bandwidth (Summary).png

Apart from the above default dashboards, cloud administrators can create their own personal dashboards in the Juniper Log Insight content pack to analyze and view other security log details.

 

Interactive Log Analysis: Juniper’s Log Insight content pack includes predefined extracted fields that provide cloud administrators with a detailed view of security logs. Users can drill down into each dashboard to view additional logs and field contents.

InteractiveAnal.png

 

Predefined Alerts: Juniper’s Log Insight content pack includes predefined alerts that continuously warn cloud administrators about potential attacks, threats and spam.

Alerts.png

 

Summary

The Juniper Networks Log Insight content pack contains custom dashboards, fields and queries specific to Juniper SRX/vSRX security solutions, enabling customers to view and analyze logs from Juniper’s next-generation security solution using VMware vRealize Log Insight 3.0 GA.  With the Juniper solution, cloud administrators can now monitor, debug and perform threat analysis for applications in their data center using a single interface.

 

The Log Insight content pack offers common dashboards that can be used to manage Juniper switching and routing syslogs. These capabilities can also be selectively extended through custom dashboards, fields and queries to perform detailed log analysis of Juniper switching and routing solutions deployed in cloud environments.

 

How to Download

Juniper’s content pack for VMware vRealize Log Insight is available for download in the VMware vRealize Log Insight Marketplace.  The content pack can be found in the Marketplace menu for VMware vRealize Log Insight from Release 3.0 onwards (see screen shot below).

Marketplace.png

 

05.27.16
anthonyw

Please advise how to config logs from to Log Insight. I installed the Juniper security content and went to the Juniper to point the IP to the VMware Log Insight, but see no info flow to Log Insight. Thanks.

09.14.16
jhosee

bump for @anthonyw, I have this same issue as well.

04.15.17
tphakala

You must set 'structured-data' for the LogInsight host for this content pack to work.

 

set system syslog host LOGINSIGHT.DOMAIN.NAME structured-data
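
What the structured-data setting changes for log analysis, as an added example that is not part of the comment above or of the content pack: with it, Junos sends RFC 5424-style syslog whose parameters arrive as name="value" pairs, which a collector can turn into fields directly. The parser and denied-flow count below are an illustration only; the sample lines, host name, addresses and SD-ID digits are constructed.

```python
import re
from collections import Counter

# Constructed sample input: addresses, host name and SD-ID digits are made up.
SAMPLE = [
    # RFC 5424-style lines, as sent when 'structured-data' is set for the host
    '<14>1 2016-09-14T10:00:01.000Z vsrx1 RT_FLOW - RT_FLOW_SESSION_DENY '
    '[junos@2636.1.1.1.2.0 source-address="198.51.100.7" source-port="40112" '
    'destination-address="192.0.2.10" destination-port="23" policy-name="deny-all"]',
    '<14>1 2016-09-14T10:00:02.000Z vsrx1 RT_FLOW - RT_FLOW_SESSION_DENY '
    '[junos@2636.1.1.1.2.0 source-address="198.51.100.7" source-port="40113" '
    'destination-address="192.0.2.11" destination-port="22" policy-name="deny \\"tmp\\""]',
    '<14>1 2016-09-14T10:00:03.000Z vsrx1 RT_FLOW - RT_FLOW_SESSION_CREATE '
    '[junos@2636.1.1.1.2.0 source-address="203.0.113.5" source-port="51000" '
    'destination-address="192.0.2.10" destination-port="443" policy-name="web"]',
    # Free-text line of the kind sent without 'structured-data'
    '<14>Sep 14 10:00:04 vsrx1 RT_FLOW: RT_FLOW_SESSION_DENY: session denied '
    '198.51.100.9/40200->192.0.2.10/23',
]

HEADER = re.compile(r'^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (\[.*)$')
PARAM = re.compile(r'([^\s="\]]+)="((?:\\.|[^"\\])*)"')

def parse(line):
    """Return header and SD-PARAM fields as a dict, or None if not structured."""
    m = HEADER.match(line)
    if not m:
        return None
    pri, ts, host, app, _procid, msgid, sd = m.groups()
    fields = {"facility": int(pri) // 8, "severity": int(pri) % 8,
              "timestamp": ts, "host": host, "app": app, "event": msgid}
    for name, value in PARAM.findall(sd):
        fields[name] = re.sub(r'\\(["\\\]])', r'\1', value)  # undo SD escaping
    return fields

def denied_by_source(lines):
    """Count RT_FLOW_SESSION_DENY per source address; also count skipped lines."""
    counts, skipped = Counter(), 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            skipped += 1  # no structured data, so no fields to extract
        elif rec["event"] == "RT_FLOW_SESSION_DENY":
            counts[rec.get("source-address", "unknown")] += 1
    return counts, skipped

if __name__ == "__main__":
    print(denied_by_source(SAMPLE))
```

The free-text line is counted as skipped rather than parsed: it carries the same event, but without name="value" pairs there is nothing for this parser to key on.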