I'm currently parsing Juniper firewall logs, and can easily filter on security zones, IPs, protocols and destination ports.
However, I'm interested in seeing a summary of this type of data. This would be similar to a "conversations view" from Wireshark. For example, if I search a firewall's logs and filter on 7 days of Internal to DMZ traffic, I'd like to see a summary of the connections: SourceIP --> DestinationIP and destination port (a count of those events would be great too).
Perhaps I could try to parse out that information (SourceIP --> DestinationIP) to its own indexed "field" and then use the table summary?
Is there a better way?
Thank you!
Conversation view from network session logs
Re: Conversation view from network session logs
This sounds like a great job for Nagios Log Server.
You could use GROK filters to tell the program how to parse Juniper logs, and it has graphical features to help you visualize that data.
Log Server configuration DOCUMENT
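As an added illustration of the approach discussed in this thread (parse source, destination and port into their own fields, then build a table with counts), the following Python script is not from either poster or from Nagios Log Server. The log lines are constructed samples loosely modelled on the fields a Juniper SRX session-close message carries, the regex is written for that constructed format only, and REPORT_TIME is an assumed "now" for the 7-day window; the same field extraction is what a Grok pattern would do inside Log Server.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
# Constructed sample lines (not real Juniper output), loosely modelled on the
# fields an SRX session-close message carries; the last line is unparseable.
SAMPLE_LOGS = """\
2014-04-20T10:01:02 fw1 RT_FLOW_SESSION_CLOSE: 10.1.1.5/51234->192.168.10.20/443 TCP Internal DMZ
2014-04-21T11:15:09 fw1 RT_FLOW_SESSION_CLOSE: 10.1.1.5/51290->192.168.10.20/443 TCP Internal DMZ
2014-04-22T09:30:44 fw1 RT_FLOW_SESSION_CLOSE: 10.1.1.9/40001->192.168.10.21/22 TCP Internal DMZ
2014-04-22T09:31:00 fw1 RT_FLOW_SESSION_CLOSE: 192.168.10.20/5000->10.1.1.5/53 UDP DMZ Internal
2014-04-10T08:00:00 fw1 RT_FLOW_SESSION_CLOSE: 10.1.1.5/51000->192.168.10.20/443 TCP Internal DMZ
not a session record
"""
REPORT_TIME = datetime(2014, 4, 24)  # assumed "now" for the 7-day window

# Assumed pattern for the constructed format above; a real deployment needs a
# regex (or Grok expression) written against the firewall's actual output.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ RT_FLOW_SESSION_CLOSE: "
    r"(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"(?P<proto>\w+) (?P<szone>\w+) (?P<dzone>\w+)$"
)

def parse_sessions(text):
    """Yield one dict per parseable session line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            yield rec

def conversations(text, src_zone, dst_zone, now=REPORT_TIME, days=7):
    """Count src -> dst:port/proto tuples for one zone pair within the window."""
    since = now - timedelta(days=days)
    counts = Counter()
    for rec in parse_sessions(text):
        if (rec["szone"], rec["dzone"]) != (src_zone, dst_zone) or rec["ts"] < since:
            continue
        counts[(rec["src"], rec["dst"], int(rec["dport"]), rec["proto"])] += 1
    return counts

def print_table(counts):
    """Render the Wireshark-style conversation summary, busiest pair first."""
    print(f"{'source':<16}{'destination':<16}{'port':>5}  proto  count")
    for (src, dst, port, proto), n in counts.most_common():
        print(f"{src:<16}{dst:<16}{port:>5}  {proto:<5}  {n}")

if __name__ == "__main__":
    print_table(conversations(SAMPLE_LOGS, "Internal", "DMZ"))
```

Reverse-direction sessions and records older than the window are dropped before counting, so the table only shows the zone pair that was asked for.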