Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[STRM] [vGW] Configuring vGW to Forward Events and Netflows to STRM

0

0

Article ID: KB21787 KB Last Updated: 04 Mar 2017Version: 6.0
Summary:
STRM records all relevant events, such as admin, policy, IDS logs, and firewall events received from vGW.  Configuration consists of a two step process.  First you must forward events and/or netflows from vGW to STRM.  Second, on STRM, you must install the DSM and configure a log source to receive and parse the data coming from vGW.
Symptoms:

Solution:
To forward vGW events to STRM:

1. Log in to your Juniper Networks vGW interface.
2. Select Settings.
3. From the Security Settings section, select Global.
4. From the External Logging section, select one of the following:
a. Send Syslog from vGW management server - Central logging with syslog event provided from a management server.
b. Send Syslog from Firewalls - Distribute logging with each Firewall Security VM providing syslog events.

Note: If you select the option Send Syslog from vGW management server, all events forwarded to STRM contain the IP address of the vGW management server.
5. Type values for the following parameters:
a. Syslog Server - Type the IP address of your vGW management server if you selected to Send Syslog from vGW management server. Or, type the IP address of STRM if you selected Send Syslog from Firewalls.
b. Syslog Server Port - Type the port address for syslog. This is typically port 514.
6. From the External Logging section, click Save.
Note: Only changes made to the External Logging section are stored when you click Save in Step 6. Any changes made to NetFlow require that you save using the button within NetFlow Configuration section.
To forward vGW netflows to STRM:

1. From the NetFlow Configuration section, select the enable check box.
Note: NetFlow does not support central logging from a vGW management server.From the External Logging section, you must select the option Send Syslog from Firewalls.
2. Type values for the following parameters:
a. NetFlow collector address - Type the IP address of STRM.
b. NetFlow collector port - Type a port address for NetFlow events.
Note: STRM typically uses port 2055 for NetFlow event data on QFlow Collectors. You must configure a different NetFlow collector port on your Juniper Networks vGW Series Virtual Gateway for NetFlow.
3. From the NetFlow Configuration section, click Save.
You are now ready to install the vGW DSM and configure the log source within the STRM interface.

For more information, please see the DSM Guide and Log Source User's Guide for your version of STRM.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search