Juniper Networks JunOS Switch

• What is Discovered and Monitored
• Event Types
• Rules
• Reports
• Configuration
• Settings for Access Credentials

What is Discovered and Monitored

Protocol	Information Discovered	Metrics collected	Used for
SNMP (V1, V2c)	Host name, JunOS version, Hardware model, Network interfaces,	Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Hardware status: Power Supply, Fan, Temperature	Availability and Performance Monitoring
Telnet/SSH	Running and startup configuration	Startup configuration change, delta between running and startup configuration	Performance Monitoring, Security and Compliance
SNMP (V1, V2c, V3)	Trunk port connectivity between switches and VLANs carried over a trunk port, End host Layer 2 port mapping: switch interface to VLAN id, end host IP/MAC address association		Topology and end-host location
Syslog		System logs and traffic logs matching acl statements	Availability, Security and Compliance
sflow		Traffic flow	Availability, Security and Compliance

Event Types

In ADMIN > Device Support > Event Types, search for "junos" to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

• SNMP
• Syslog
• Sample JunOS Syslog Messages
• sFlow

SNMP

1. Log in to the device manager for your JunOS switch with administrator privileges.
2. Go to Configure > Services > SNMP.
3. Under Communities, click Add.
4. Enter a Community Name.
5. Set Authorization to read-only.
6. Click OK.

Syslog

1. Log in to the device manager for your JunOS switch with administrator privileges.
2. Go to Dashboard > CLI Tools > CLI Editor.

3. Edit the syslog section to send syslog to FortiSIEM.

   JunOS Syslog Configuration

   system {
      ....
      syslog {
          user * {
               any emergency;
          }
          host <FortiSIEM Ip> {
               any any;
               explicit-priority;
          }
          file messages {
               any notice;
               authorization info;
          }
          file interactive-commands {
               interactive-commands any;
          }
          time-format year millisecond;
      }
   ....
   }
   

4. Click Commit.

Sample JunOS Syslog Messages

190>May 11 13:54:10 20.20.20.20 mgd[5518]: UI_LOGIN_EVENT: User 'example_user' login, class 'j-super-user' [5518], ssh-connection '192.168.28.21 39109 172.16.5.64 22', client-mode 'cli'

<38>Nov 18 17:50:46 login: %AUTH-6-LOGIN_INFORMATION: User phoenix_agent logged in from host 192.168.20.116 on device ttyp0

sFlow

Routing the sFlow Datagram in EX Series Switches

According to Juniper documentation, the sFlow datagram cannot be routed over the management Ethernet interface (me0) or virtual management interface (vme0) i n an EX Series switch implementation. It can only be exported over the network Gigabit Ethernet or 10-Gigabit Ethernet ports using valid route information in the routing table.

1. Log in to the device manager for your JunOS switch with administrator privileges.
2. Go to Configure > CLI Tools > Point and Click CLI.
3. Expand Protocols and select slow.
4. Next to Collector, click Add new entry.
5. Enter the IP address for your FortiSIEM virtual appliance.
6. For UDP Port, enter 6343.
7. Click Commit.
8. Next to Interfaces, click Add new entry.
9. Enter the Interface Name for all interfaces that will send traffic over sFlow.
10. Click Commit.
11. To disable the management port, go to Configure > Management Access, and remove the address of the management port.
    You can also disconnect the cable.

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting	Value
Name	<set name>
Device Type	Juniper JunOS
Access Protocol	See Access Credentials
Port	See Access Credentials
Password config	See Password Configuration