Configuring a Juniper Netscreen device to Send Syslogs

For SecureTrack to be able to associate syslogs with their respective firewalls, each Netscreen device that sends syslogs to SecureTrack must have a unique hostname.

Syslog traffic must be configured to arrive at the SecureTrack server that monitors the device (Central Server, Distribution Server or Remote Collector Server) from the IP address and/or host name of the device.

For more information see Sending Additional Information via Syslog.

Syslog proxy is supported for specific devices. For more information on syslog proxy support for supported devices, see Configuring Devices to Send Logs.

Only rules that are marked for logging in the device are included in the syslogs.

To define SecureTrack as a syslog server on a Netscreen device:

  1. Log into the firewall's web interface.
  2. In the navigation pane, under Configuration > Report Settings, select Syslog.
  3. Configure a row with the following settings:

    • Enable: Selected

    • IP/Hostname: the IP address of the SecureTrack server, remote collector or distribution server that is managing the device

    • Port: 514

    • Security Facility: LOCAL7

    • Facility: LOCAL7

      You can use a different facility if needed, in which case you must also configure SecureTrack as described in this tech note.

    • Event Log: To enable identification of users who made policy changes and the time of those policy changes, Event Log must be selected.

    • Traffic Log: To enable Usage reporting, Traffic Log must be selected.

    • TCP: Cleared.

  4. Click Apply.
  5. In the navigation pane, click Log Settings.
  6. Make sure that in the Syslog row, Notification and Information are selected.
  7. Click Apply.
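
To confirm from the receiving side that a device is sending what the steps above configure, the following added example (not from the original document or from SecureTrack) decodes the syslog priority value of each received message and flags a facility other than LOCAL7, sources that have not yet sent both Notification and Information severities, and one hostname arriving from more than one source IP. It assumes the device level names map to syslog severities 5 and 6 and that the message carries the hostname in a device_id= field; the sample messages are constructed.

```python
import re
from collections import defaultdict
LOCAL7 = 23  # syslog facility code for LOCAL7; PRI = facility * 8 + severity
# Assumption: the device's Notification/Information levels map to severities 5/6.
WANTED = {5: "notification", 6: "information"}
PRI_RE = re.compile(r"^<(\d{1,3})>")
HOST_RE = re.compile(r"device_id=(\S+)")  # assumed hostname field in the message

def decode_pri(raw):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7

def audit(datagrams):
    """Check (source_ip, raw_message) pairs against the settings in the steps."""
    wrong_facility, unparsed = [], []
    severities = defaultdict(set)    # source IP -> wanted severity names seen
    host_sources = defaultdict(set)  # hostname -> source IPs claiming it
    for src, raw in datagrams:
        decoded = decode_pri(raw)
        if decoded is None:
            unparsed.append(src)
            continue
        facility, severity = decoded
        if facility != LOCAL7:
            wrong_facility.append((src, facility))
        if severity in WANTED:
            severities[src].add(WANTED[severity])
        host = HOST_RE.search(raw)
        if host:
            host_sources[host.group(1)].add(src)
    every = set(WANTED.values())
    return {
        "wrong_facility": wrong_facility,
        "unparsed": unparsed,
        "duplicate_hostnames": {h: sorted(s) for h, s in host_sources.items() if len(s) > 1},
        "missing_severities": {s: sorted(every - v) for s, v in severities.items() if every - v},
    }
# Constructed sample datagrams (documentation addresses, not real device output).
SAMPLE = [
    ("192.0.2.10", "<189>fw-east: NetScreen device_id=fw-east sample event"),
    ("192.0.2.10", "<190>fw-east: NetScreen device_id=fw-east sample event"),
    ("192.0.2.11", "<189>fw-east: NetScreen device_id=fw-east sample event"),
    ("192.0.2.12", "<133>fw-west: NetScreen device_id=fw-west sample event"),
    ("192.0.2.13", "malformed line without a priority"),
]
```

Calling audit(SAMPLE) reports the LOCAL0 sender, the duplicate use of fw-east, and the two sources that have only sent Notification-level messages.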