Juniper SRX IDP and UTM AV (Sophos) Syslog Failed Update Message for Pro-active Alerting
a week ago
We have 14+ Juniper SRX300 Firewalls setup to send traffic and IDP/UTM alerts to a syslog collection servers so can do alerting and proactive detection of issues. The SRX300 Firewalls are setup to check every 24hrs for IDP security package updates and UTM Sophos Anti-Virus updates.
As we have all the traffic and IDP event being sent to a syslog server we have the ability to create alerts based upon text string when issues occur. I want to setup an alert on the syslog server to alert when a Juniper SRX fails to update its IDP and Sophos AV security updates successfully.
Does anyone know if there's a particular string, keywords or example event that would be generated by an SRX300 running 15.1X49-D45 when the IDP security package fails to update and install successfully and when a UTM Sophos AV update package fails to update or install correctly?
This will allow creation of an alert when the IDP and UTM AV updates fail. I assume there will need to be a different string/event for the fialed IDP verse the UTM AV update failure.