...
Therefore, the valid tags include:
Product / Service | Tags | Data tables |
---|---|---|
...
Rule 1: Identify "traffic" type events
Source port → 514
Source message → "\\[Root]system-[^][0-9](traffic):"
Target tag → firewall.juniper.isg.traffic
Check the Stop processing checkbox
Rule 2: Tag all other events received from the Juniper IP as "system"
IP → <Juniper IP address>
Source port → 514
Target tag → firewall.juniper.isg.system
Firewall Juniper SRX Series
...
Rule 1: Tag events containing the syslog tag RT_FLOW as "traffic"
Source port → 514
Source tag → RT_FLOW
Target tag → firewall.juniper.srx.traffic (or firewall.juniper.srx.traffic.vXX)
Check the Stop processing checkbox
Rule 2: Tag events containing the syslog tag RT_UTM as "utm"
Source port → 514
Source tag → RT_UTM
Target tag → firewall.juniper.srx.utm
Check the Stop processing checkbox
Rule 3: Tag events containing the syslog tag RT_IDP as "idp"
Source port → 514
Source tag → RT_IDP
Target tag → firewall.juniper.srx.idp
Check the Stop processing checkbox
Rule 4: Tag all other events received on port 514 as "system"
Source port → 514
Target tag → firewall.juniper.srx.system
Check the Sent without syslog tag checkbox
...
Rule 1: Tag events containing the syslog tag RT_FLOW as "traffic"
Source port → 13003
Source data → ^.*? RT_FLOW - .*$
Target tag → firewall.juniper.srx.traffic
Check the Stop processing and Sent without syslog tag checkboxes
Rule 2: Tag events containing the syslog tag RT_UTM as "utm"
Source port → 13003
Source data → ^.*? RT_UTM - .*$
Target tag → firewall.juniper.srx.utm
Check the Stop processing and Sent without syslog tag checkboxes
Rule 3: Tag events containing the syslog tag RT_IDP as "idp"
Source port → 13003
Source data → ^.*? RT_IDP - .*$
Target tag → firewall.juniper.srx.idp
Check the Stop processing and Sent without syslog tag checkboxes
Rule 4: Tag all other events received on the same port as "system"
IP → <Juniper IP>
Source port → 13003
Target tag → firewall.juniper.srx.system
Check the Sent without syslog tag checkbox
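An offline check of the port 13003 rule set, added here as an example and not part of the original documentation: it runs the three Source data expressions and the catch-all against sample events to show which tag each one receives. It assumes the relay evaluates rules top to bottom and that a matching rule with Stop processing checked ends evaluation; the sample events, host name and addresses are constructed.

```python
import re

# Port 13003 rules from this section, in order: (Source data regex, Target tag).
# A pattern of None stands for Rule 4, which has no Source data condition.
RULES = [
    (re.compile(r"^.*? RT_FLOW - .*$"), "firewall.juniper.srx.traffic"),
    (re.compile(r"^.*? RT_UTM - .*$"), "firewall.juniper.srx.utm"),
    (re.compile(r"^.*? RT_IDP - .*$"), "firewall.juniper.srx.idp"),
    (None, "firewall.juniper.srx.system"),
]

# Constructed sample events (not captured from a device) with the tag each should get.
SAMPLES = [
    ('<14>1 2024-01-01T10:00:00.000Z srx01 RT_FLOW - RT_FLOW_SESSION_CLOSE '
     '[junos@2636.1.1.1.2.40 source-address="192.0.2.10"]',
     "firewall.juniper.srx.traffic"),
    ('<12>1 2024-01-01T10:00:01.000Z srx01 RT_UTM - WEBFILTER_URL_BLOCKED '
     '[junos@2636.1.1.1.2.40 source-address="192.0.2.11"]',
     "firewall.juniper.srx.utm"),
    ('<10>1 2024-01-01T10:00:02.000Z srx01 RT_IDP - IDP_ATTACK_LOG_EVENT '
     '[junos@2636.1.1.1.2.40 source-address="192.0.2.12"]',
     "firewall.juniper.srx.idp"),
    ('<30>1 2024-01-01T10:00:03.000Z srx01 mgd 2211 UI_COMMIT '
     '[junos@2636.1.1.1.2.40 username="admin"]',
     "firewall.juniper.srx.system"),
    # Non-structured layout: there is no " RT_FLOW - " separator, so Rules 1-3
    # do not match and the event is tagged by the catch-all Rule 4.
    ('<14>Jan  1 10:00:04 srx01 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed',
     "firewall.juniper.srx.system"),
]

def assign_tag(line, rules=RULES):
    """Return the tag of the first matching rule (assumed: top-down, stop on match)."""
    for pattern, tag in rules:
        if pattern is None or pattern.match(line):
            return tag
    return None

def mistagged(samples=SAMPLES, rules=RULES):
    """Return (expected, actual, line) for every sample the rule set tags wrongly."""
    return [(want, got, line) for line, want in samples
            if (got := assign_tag(line, rules)) != want]

if __name__ == "__main__":
    for line, _ in SAMPLES:
        print(assign_tag(line), "<-", line[:60])
    print("mistagged:", mistagged())
```

The last sample shows why the log format configured on the device matters: flow events that do not carry the ` RT_FLOW - ` separator end up under the system tag rather than the traffic tag.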
...