External Systems Configuration Guide

Juniper Networks JunOS Switch

What is Discovered and Monitored

| Protocol | Information Discovered | Metrics collected | Used for |
|---|---|---|---|
| SNMP (V1, V2c) | Host name, JunOS version, Hardware model, Network interfaces | Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Hardware status: Power Supply, Fan, Temperature | Availability and Performance Monitoring |
| Telnet/SSH | Running and startup configuration | Startup configuration change, delta between running and startup configuration | Performance Monitoring, Security and Compliance |
| SNMP (V1, V2c, V3) | Trunk port connectivity between switches and VLANs carried over a trunk port, End host Layer 2 port mapping: switch interface to VLAN id, end host IP/MAC address association | | Topology and end-host location |
| Syslog | | System logs and traffic logs matching acl statements | Availability, Security and Compliance |
| sflow | | Traffic flow | Availability, Security and Compliance |

Event Types

In ADMIN > Device Support > Event Types, search for "junos" to see the event types associated with this device. 

Rules

There are no predefined rules for this device. 

Reports

There are no predefined reports for this device. 

Configuration

 

SNMP
  1. Log in to the device manager for your JunOS switch with administrator privileges.
  2. Go to Configure > Services > SNMP.
  3. Under Communities, click Add.
  4. Enter a Community Name.
  5. Set Authorization to read-only.
  6. Click OK.
Syslog
  1. Log in to the device manager for your JunOS switch with administrator privileges.
  2. Go to Dashboard > CLI Tools > CLI Editor.
  3. Edit the syslog section to send syslog to FortiSIEM. 

    JunOS Syslog Configuration

    system {
       ....
       syslog {
           user * {
                any emergency;
           }
           host <FortiSIEM Ip> {
                any any;
                explicit-priority;
           }
           file messages {
                any notice;
                authorization info;
           }
           file interactive-commands {
                interactive-commands any;
           }
           time-format year millisecond;
       }
    ....
    }
    
  4. Click Commit
Sample JunOS Syslog Messages

<190>May 11 13:54:10 20.20.20.20 mgd[5518]: UI_LOGIN_EVENT: User 'phoenix_agent' login, class 'j-super-user' [5518], ssh-connection '192.168.28.21 39109 172.16.5.64 22', client-mode 'cli'

<38>Nov 18 17:50:46 login: %AUTH-6-LOGIN_INFORMATION: User phoenix_agent logged in from host 192.168.20.116 on device ttyp0
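
As an added example (not part of the FortiSIEM documentation or product), the following Python decodes the PRI field of the two sample messages above into facility and severity, extracts the login user and source address, and lists reasons a login merits review. The function names and the management-network allow-list are assumptions made for illustration.

```python
import ipaddress
import re

# Syslog facility/severity names by numeric code (RFC 5424); codes 16-23 are local0-local7.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
              "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += [f"local{i}" for i in range(8)]
SEVERITIES = ["emergency", "alert", "critical", "error", "warning", "notice", "info", "debug"]

# The two sample messages from this page (PRI field written as <190> on the first).
SAMPLES = [
    "<190>May 11 13:54:10 20.20.20.20 mgd[5518]: UI_LOGIN_EVENT: User 'phoenix_agent' login, class 'j-super-user' [5518], ssh-connection '192.168.28.21 39109 172.16.5.64 22', client-mode 'cli'",
    "<38>Nov 18 17:50:46 login: %AUTH-6-LOGIN_INFORMATION: User phoenix_agent logged in from host 192.168.20.116 on device ttyp0",
]

PRI_RE = re.compile(r"^<?(\d{1,3})>(.*)$", re.S)  # tolerate a PRI whose "<" was lost
LOGIN_PATTERNS = {
    "UI_LOGIN_EVENT": re.compile(
        r"UI_LOGIN_EVENT: User '(?P<user>[^']+)' login, class '(?P<cls>[^']+)'"
        r".*?ssh-connection '(?P<src>\S+) \d+ \S+ \d+'"),
    "LOGIN_INFORMATION": re.compile(
        r"LOGIN_INFORMATION: User (?P<user>\S+) logged in from host (?P<src>\S+) on device"),
}

def parse_junos_login(line):
    """Decode PRI and extract login fields; return None for anything that is not a login."""
    m = PRI_RE.match(line.strip())
    if not m or int(m.group(1)) > 191:  # valid PRI is facility*8 + severity, 0..191
        return None
    pri, rest = int(m.group(1)), m.group(2)
    for tag, rx in LOGIN_PATTERNS.items():
        hit = rx.search(rest)
        if hit:
            return {"tag": tag, "facility": FACILITIES[pri >> 3],
                    "severity": SEVERITIES[pri & 7], "user": hit["user"],
                    "src_ip": hit["src"], "login_class": hit.groupdict().get("cls")}
    return None

def review_reasons(event, mgmt_nets):
    """List why a login merits review; mgmt_nets is an assumed allow-list of CIDRs."""
    reasons = []
    try:
        src = ipaddress.ip_address(event["src_ip"])
        if not any(src in ipaddress.ip_network(n) for n in mgmt_nets):
            reasons.append("source outside management networks")
    except ValueError:  # host field carried a name instead of an address
        reasons.append("source is not an IP literal")
    if "super-user" in (event["login_class"] or ""):
        reasons.append("super-user class")
    return reasons
```
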
sFlow 

Routing the sFlow Datagram in EX Series Switches

According to Juniper documentation, the sFlow datagram cannot be routed over the management Ethernet interface (me0) or virtual management interface (vme0) in an EX Series switch implementation. It can only be exported over the network Gigabit Ethernet or 10-Gigabit Ethernet ports using valid route information in the routing table.

  1. Log in to the device manager for your JunOS switch with administrator privileges.
  2. Go to Configure > CLI Tools > Point and Click CLI.
  3. Expand Protocols and select sflow.
  4. Next to Collector, click Add new entry.
  5. Enter the IP address for your FortiSIEM virtual appliance.
  6. For UDP Port, enter 6343.
  7. Click Commit.
  8. Next to Interfaces, click Add new entry.
  9. Enter the Interface Name for all interfaces that will send traffic over sFlow.
  10. Click Commit.
  11. To disable the management port, go to Configure > Management Access, and remove the address of the management port. 
    You can also disconnect the cable.  

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

| Setting | Value |
|---|---|
| Name | <set name> |
| Device Type | Juniper JunOS |
| Access Protocol | See Access Credentials |
| Port | See Access Credentials |
| Password config | See Password Configuration |
