ScreenOS Firewalls (NOT SRX)

NSM log query performance

‎12-23-2008 01:45 AM

Gents,

I have a general enquiry regarding log searches and queries which, the more I think about it, could be extremely useful to many users with multiple Juniper Firewalls. I should also warn you that although I am an experienced user with NetScreens I am a novice when it comes to NSM and have yet to read through the relevant Juniper documentation on this product.

I work for a third-party company who manage customers with multiple Juniper NetScreen Firewalls which in turn are managed through NSM. One of the problems I have encountered is with log analysis, as it is extremely long-winded trawling through a day's worth of logs to find traffic flows.

My questions are:

  • Are there any ways to improve log searches, e.g. does selecting multiple fields improve or slow searching?
  • Are there any other Juniper or 3rd party tools which help with this?
  • Is there any method of querying the logs directly, e.g. SQL type queries, and if so how can it be done?

Thanks in advance,

Gavrilo

3 REPLIES

Re: NSM log query performance

‎12-24-2008 10:21 AM

Have you looked at our STRM product? That's precisely what it's intended for in the context of enhanced security monitoring.

You may also be able to use products like Splunk, ChainSaw, etc., but I don't know what sort of success people have had directly.

regards,

-Keith


Re: NSM log query performance

‎12-30-2008 12:47 AM

Not yet but I will.

Thanks for the response.

Gavrilo


Re: NSM log query performance

‎01-02-2009 09:04 AM

I would make sure you are at the latest version and also that the server has been rebooted in the last few months. I was running an older version on a server that had been up for over a year. I noticed a significant increase in performance after reboot and upgrade.

Also, I think it is a fairly RAM intensive application so upgrading your RAM couldn't hurt.