Junos Space Developer

Not getting data in Junos Space Security Director Reports

‎08-14-2015 07:57 AM

I'm just starting with Junos Space Management Platform. I installed the last version available (14.1R3). I have the virtual appliance one; I have installed both the Junos Space and Log Collector OVAs on an ESXi. I also added the Log Collector fabric to Junos Space and now it's showing the Log Director and Security Director Logging and Reporting applications on the list. I manually configured an SRX to send syslog to the Log Collector IP address. I'm not sure if that's the syslog configuration I should make, or if I have to make the SRX send syslog to the Junos Space IP address instead. Both virtual appliances have correct settings and are synchronized with a public NTP. I would like to know how to move forward in order to start viewing the useful syslog reports which Junos Space should generate from the Security Director fabric. When I generate reports, it says no data available, so I guess my syslog configuration is wrong. Could you give me some info regarding this? Thanks a lot.


Re: Not getting data in Junos Space Security Director Reports

‎08-15-2015 01:04 AM

Hello ngdelafp


Have you enabled security logging? If not, you will not see anything hit the log collector. Security logging is quite different from syslog as it relates specifically to the SRX platform.

Here's an example from my system:

set security log mode stream
set security log format sd-syslog
set security log source-address x.x.x.x
set security log stream SRX210HE2-CLUSTER format sd-syslog
set security log stream SRX210HE2-CLUSTER category all
set security log stream SRX210HE2-CLUSTER host x.x.x.x

Also, if you are looking to report on applications, then you will need to enable application tracking on a per-zone basis; see the example below:

set security zones security-zone Internet application-tracking

One last thing: check what version of Log Director you have installed; it needs to be 14.1R3.4.

Regards

Wycliffe

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudos would be great if you feel its deserved.

JNCIA IDP AC WX JNCDA JNCIS JSPA JNSCP-SEC JNCIP SEC JNCI
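
A quick way to compare an exported SRX configuration (`show configuration | display set`) against the statements listed in the reply above. This is an added example, not part of the original thread; the sample config, the stream name LOGCOL, the zone names and the address are constructed.

```python
import re

# Constructed sample export; LOGCOL, zone names and 192.0.2.1 are made up.
SAMPLE = """\
set security log mode stream
set security log format sd-syslog
set security log source-address 192.0.2.1
set security log stream LOGCOL format sd-syslog
set security log stream LOGCOL category all
set security zones security-zone Internet application-tracking
set security zones security-zone Trust interfaces ge-0/0/1.0
"""

def check_security_logging(config: str) -> list:
    """Return findings relative to the posted example; empty list = all present."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip().startswith("set ")]
    findings = []
    if "set security log mode stream" not in lines:
        findings.append("security log mode is not 'stream'")
    if not any(ln.startswith("set security log source-address ") for ln in lines):
        findings.append("no security log source-address")
    streams = {}  # {stream name: {keyword: value}}
    for ln in lines:
        m = re.match(r"set security log stream (\S+)(?: (\S+) (\S+))?", ln)
        if m:
            attrs = streams.setdefault(m.group(1), {})
            if m.group(2):
                attrs[m.group(2)] = m.group(3)
    if not streams:
        findings.append("no security log stream defined")
    for name, attrs in sorted(streams.items()):
        if "host" not in attrs:
            findings.append(f"stream {name}: no host (collector address)")
        if attrs.get("format") != "sd-syslog":
            findings.append(f"stream {name}: format is not sd-syslog")
    zones, tracked = set(), set()  # zones seen vs. zones with application-tracking
    for ln in lines:
        m = re.match(r"set security zones security-zone (\S+)(.*)", ln)
        if m:
            zones.add(m.group(1))
            if m.group(2).strip() == "application-tracking":
                tracked.add(m.group(1))
    for z in sorted(zones - tracked):
        findings.append(f"zone {z}: application-tracking not enabled")
    return findings

if __name__ == "__main__":
    for finding in check_security_logging(SAMPLE):
        print("MISSING:", finding)
```

On the constructed sample it reports the stream with no collector host and the zone without application tracking.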


Re: Not getting data in Junos Space Security Director Reports

‎09-01-2015 09:13 AM

Hi Wycliffe, I have installed a log collector version 14.1R2.3-VM, but I can't view the SRX's events in real time. I configured the track app on the security zones and log session in every security policy, but I check on the dashboard and the log collector is plotting the events. What do you think is wrong?


Re: Not getting data in Junos Space Security Director Reports

‎09-10-2015 12:24 AM
Question: when you check the log collector info, do you see any event hits or indeed any clients logging to the collector? If not, then you need to check your security log settings on your client.

Are you able to post your security log configuration and confirm connectivity from the host to the collector?

Thanks

Wycliffe
JNCIA IDP AC WX JNCDA JNCIS JSPA JNSCP-SEC JNCIP SEC JNCI
