Junos Space Developer

Log Forwarding to LogRhythm

02-13-2019 01:04 PM

Is it possible to forward logs from Junos Space/Collector to a LogRhythm SIEM?  A while back we were demoing some SIEMs and LogRhythm claimed to not be able to read them.  All searching I've seen seems to say that LogRhythm can handle structured data.

Re: Log Forwarding to LogRhythm

02-14-2019 09:30 PM

Hi,

Yes, you can enable Log Forwarding from Junos Space Log Collector to any other Syslog server (like Juniper JSA or SIEM).

https://www.juniper.net/documentation/en_US/junos-space18.4/topics/task/operational/junos-space-log-...

NOTE: In Junos Space Security Director (SD) Release 16.2, log forwarding is not supported on JSA. Other versions of SD support Log Forwarding.

Regards
-Animesh
If this worked for you please flag my post as an "Accepted Solution" so others can be benefited.

Re: Log Forwarding to LogRhythm

03-05-2019 06:33 AM

So nothing fancy has to be done in LogRhythm to parse them?

Re: Log Forwarding to LogRhythm

03-09-2019 11:25 PM

Hi,

I am not sure how the LogRhythm SIEM tool works. But we have tested forwarding logs from Space Log Collector to Juniper JSA (SIEM tool) and the IBM QRadar SIEM tool, and it automatically parses the logs and identifies the log source.

You can try enabling the forwarding options and check on the LogRhythm SIEM tool; it should detect and parse them automatically. It works fine in Juniper JSA and the IBM QRadar tool.

Regards
-Animesh
If this worked for you please flag my post as an "Accepted Solution" so others can be benefited.

Re: Log Forwarding to LogRhythm

04-17-2019 07:38 AM

The problem we are seeing with LogRhythm is that it is identifying the collector as the source.
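
An added example, not code from this thread, Juniper or LogRhythm: when a collector relays syslog, the network peer a SIEM sees is the collector, while the originating device is carried in the message header. The code below assumes the forwarded messages are RFC 5424 structured syslog with the original HOSTNAME preserved; the sample line, host names, addresses and the `log_source` helper are constructed for illustration.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$", re.S)
SD_ELEMENT = re.compile(
    r'\[(?P<id>[^ \]=]+)(?P<params>(?: [^ =\]]+="(?:\\.|[^"\\])*")*)\]')
SD_PARAM = re.compile(r' ([^ =\]]+)="((?:\\.|[^"\\])*)"')

def parse(line):
    """Parse one RFC 5424 message; return None if it is not RFC 5424."""
    m = HEADER.match(line)
    if not m:
        return None
    rec = {k: m.group(k) for k in ("ts", "host", "app", "msgid")}
    rec["facility"], rec["severity"] = divmod(int(m.group("pri")), 8)
    rec["sd"] = {}
    rest, pos = m.group("rest"), 0
    # Walk consecutive [SD-ID key="value" ...] elements; "-" means no SD.
    while (e := SD_ELEMENT.match(rest, pos)):
        rec["sd"][e.group("id")] = {
            k: re.sub(r'\\(["\\\]])', r"\1", v)  # undo \" \\ \] escapes
            for k, v in SD_PARAM.findall(e.group("params"))}
        pos = e.end()
    return rec

def log_source(peer_ip, line):
    """Choose the log source identity for a relayed message.

    Prefer the HOSTNAME field written by the originating device; fall back
    to the network peer (the relay/collector) only when no usable header
    exists. Returns (identity, basis).
    """
    rec = parse(line)
    if rec is None or rec["host"] == "-":
        return peer_ip, "peer"
    return rec["host"], "header"

# Constructed sample: a firewall event relayed by a collector at 10.0.0.50.
COLLECTOR_IP = "10.0.0.50"
SAMPLE = ('<14>1 2019-04-17T07:38:00.000Z srx-edge-01 RT_FLOW - '
          'RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.40 '
          'source-address="10.1.1.5" destination-address="192.0.2.10" '
          'policy-name="allow-web"] session created')

if __name__ == "__main__":
    print(log_source(COLLECTOR_IP, SAMPLE))
    print(log_source(COLLECTOR_IP, "<14>Apr 17 07:38:00 legacy message"))
```

Comparing the two results against what the SIEM records for the same events shows whether it is keying the log source on the header or on the relay's address.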