Page Comparison

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

...

Therefore, the valid tags include:

Product / Service	Tags	Data tables
`firewall.juniper.isg.system`	`firewall.juniper.isg.system`
`firewall.juniper.isg.traffic`	`firewall.juniper.isg.traffic`
`firewall.juniper.nsm.traffic`	`firewall.juniper.nsm.traffic`
`firewall.juniper.srx.idp`	`firewall.juniper.srx.idp`
`firewall.juniper.srx.probe`	`firewall.juniper.srx.probe`
`firewall.juniper.srx.system`	`firewall.juniper.srx.system`
`firewall.juniper.srx.traffic`	`firewall.juniper.srx.traffic`
`firewall.juniper.srx.utm`	`firewall.juniper.srx.utm`
`firewall.juniper.ssg.system`	`firewall.juniper.ssg.system`
`firewall.juniper.ssg.traffic`	`firewall.juniper.ssg.traffic`
`firewall.juniper.system`	`firewall.juniper.system`
`firewall.juniper.traffic`	`firewall.juniper.traffic`

...

Rule 1: Identify "traffic" type events

Source Portport → 514
Source Messagemessage → "\\[Root]system-[^][0-9](traffic):"
Target Tagtag → firewall.juniper.isg.traffic
Check the Stop Processingprocessing checkbox

Rule 2: Tag all other events received from the Juniper IP as "system"

IP → <Juniper IP address>
Source Port → 514
Target Tagtag → all the rest as firewall.juniper.isg.system

Firewall Juniper SRX Series

...

Rule 1: Tag events containing the syslog tag RT_FLOW as "traffic"

Source Portport → 514
Source Tagtag → RT_FLOW
Target Tagtag → firewall firewall.juniper.srx.traffic (or firewallor firewall.juniper.srx.traffic.vXXvXX)
Check the Stop Processingprocessing checkbox

Rule 2: Tag events containing the syslog tag RT_UTM as "utm"

Source Portport → 514 514
Source Tagtag → RT RT_UTM UTM
Target Tagtag → firewall firewall.juniper.srx.utm
Check the Stop Processing checkbox

Rule 3: Tag events containing the syslog tag RT_IDP as "idp"

Source Portport → 514 514
Source Tagtag → RT RT_IDP
Target Tagtag → firewall firewall.juniper.srx.idp
Check the Stop Processingprocessing checkbox

Rule 4: Tag all other events received on port 514 as "system"

Source Portport → 514
Target Tagtag → firewall.juniper.srx.system
Check the Sent without syslog tag checkbox

...

Rule 1: Tag events containing the syslog tag RT_FLOW as "traffic"

Source Port → 13003 port → 13003
Source Data → ^data → ^.*? RT_FLOW - .*$
Target Tag → firewalltag → firewall.juniper.srx.traffic
Check the Stop Processingprocessing and Sent without syslog tag checkboxes

Rule 2: Tag events containing the syslog tag RT_UTM as "utm"

Source Port → 13003port → 13003
Source Data → ^data → ^.*? RT_UTM - .*$
Target Tag → firewalltag → firewall.juniper.srx.utm
Check the Stop Processingprocessing and Sent without syslog tag checkboxes

Rule 3: Tag events containing the syslog tag RT_IDP as "idp"

Source Port → 13003port → 13003
Source Data → ^data → ^.*? RT_IDP - .*$
Target Tag → firewalltag → firewall.juniper.srx.idp
Check the Stop Processingprocessing and Sent without syslog tag checkboxes

Rule 4: Tag all other events received on the same port as "system"

IP → <Juniper → <Juniper IP>
Source Port → 13003port → 13003
Target Tag → firewalltag → firewall.juniper.srx.system
Check the Sent without syslog tag checkbox

...