Integrating Juniper Junos
EventTracker v7.x

Publication Date: Mar 19, 2015

EventTracker
8815 Centre Park Drive
Columbia MD 21045
www.eventtracker.com


EventTracker: Integrating Juniper Junos


About this guide

This guide provides instructions to configure Juniper Junos to send syslog events to EventTracker Enterprise.

Scope

The configurations detailed in this guide are consistent with EventTracker Enterprise version 7.x and later and Juniper Junos version 11.4 and later.

Audience

Juniper Junos users who wish to forward syslog events to the EventTracker manager.

The information contained in this document represents the current view of Prism Microsystems Inc. on the issues discussed as of the date of publication. Because Prism Microsystems must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Prism Microsystems, and Prism Microsystems cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. Prism Microsystems MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from Prism, as long as its content is unaltered, nothing is added to the content and credit to Prism is provided.

Prism Microsystems may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Prism Microsystems, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2014 Prism Microsystems Corporation. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


Table of Contents

Overview

Pre-requisite

Verify Software Version on Juniper device

Configure Juniper Junos to send Syslog Messages from Juniper device Using J-Web to EventTracker

  Configure Syslog logging

  Enable logging for Security policy

  Enable DAI on one or more VLANs

  Enable a trusted DHCP server on one or more interfaces

  Configure Firewall Screen Options

  Configure Enhanced Web Filtering

Import Juniper JunOS knowledge pack into EventTracker

  Import Category

  Import Alerts

  Import Token Value

  Import Flex Reports

Verify Juniper Junos knowledge pack in EventTracker

  Verify Juniper Junos Categories

  Verify Juniper Junos Alerts

  Verify Juniper Junos Token Values

  Verify Juniper Junos Flex Reports

EventTracker Knowledge Pack

  Categories

  Alerts

Sample Flex reports


Overview

Juniper Junos is the FreeBSD-based operating system used in Juniper Networks routing, switching and security devices.

EventTracker supports Juniper Junos: the device forwards its syslog messages to the EventTracker manager, and EventTracker generates alerts and reports for critical events.

Pre-requisite

• EventTracker V 7.x should be installed.
• Juniper Junos 11.4 or later should be installed.
• Some features require advanced licenses before logging can be enabled.

Verify Software Version on Juniper device

a. Using CLI:
• Log in as root.
• Enter the following command:

root> show version

b. Using J-Web:
• Log in to the Junos device using J-Web.
• Enter a valid username and password when prompted.
• The J-Web Dashboard appears; the Software Version is listed in the System Identification section, below Hostname.


Figure 1

Figure 2


Configure Juniper Junos to send Syslog Messages from Juniper device Using J-Web to EventTracker

A. Configure Syslog logging:

Syslog is a standard for forwarding log messages in an IP network. Syslog captures log information provided by network devices.

1. Log in to the Juniper device.

2. Click Configure > CLI Tools > Point and Click CLI in the Juniper device.

3. Expand System and click Syslog.

4. In the Syslog page, click Add New Entry placed next to 'Host'.

5. Enter the IP address of the remote Syslog server (i.e., EventTracker).

6. Click Apply to save the configuration.

Figure 3


B. Enable logging for Security policy:

1. Select Configure > Security > Policy > FW Policies.

2. Click on the policy for which you would like to enable logging.

3. Navigate to Logging/Count and in Log Options, select Log at Session Close Time.

Figure 4
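
Added example (not part of the EventTracker guide): with Log at Session Close Time enabled, the device sends one RT_FLOW_SESSION_CLOSE syslog message per closed session to the host configured in section A. The Python below parses such messages on the collector side, totals traffic per policy, and sets aside truncated messages; the message layout, the host name srx-edge and every sample line are constructed assumptions, so adjust the pattern to what your Junos release actually sends.

```python
import re
from collections import defaultdict

# Assumed layout of the unstructured RT_FLOW_SESSION_CLOSE message. Adjust the
# pattern if your Junos release emits extra or reordered fields.
SESSION_CLOSE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"  # optional syslog PRI header
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"RT_FLOW:\s+RT_FLOW_SESSION_CLOSE:\s+session closed (?P<reason>[^:]+):\s+"
    r"(?P<src>[^/\s]+)/(?P<sport>\d+)->(?P<dst>[^/\s]+)/(?P<dport>\d+)\s+"
    r"(?P<service>\S+)\s+"
    r"(?P<nat_src>[^/\s]+)/(?P<nat_sport>\d+)->"
    r"(?P<nat_dst>[^/\s]+)/(?P<nat_dport>\d+)\s+"
    r"(?P<src_nat_rule>\S+)\s+(?P<dst_nat_rule>\S+)\s+(?P<proto>\d+)\s+"
    r"(?P<policy>\S+)\s+(?P<from_zone>\S+)\s+(?P<to_zone>\S+)\s+"
    r"(?P<session_id>\d+)\s+"
    r"(?P<pkts_out>\d+)\((?P<bytes_out>\d+)\)\s+"
    r"(?P<pkts_in>\d+)\((?P<bytes_in>\d+)\)\s+(?P<elapsed>\d+)"
)

INT_FIELDS = ("sport", "dport", "nat_sport", "nat_dport", "proto", "session_id",
              "pkts_out", "bytes_out", "pkts_in", "bytes_in", "elapsed")

# Constructed sample input: documentation addresses, hypothetical host and
# policy names. The last line is cut short, as can happen with syslog over UDP.
SAMPLE_LINES = [
    "<14>Mar 19 10:15:02 srx-edge RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: "
    "10.1.1.25/51544->198.51.100.7/80 junos-http 192.0.2.1/23001->198.51.100.7/80 "
    "src-nat-1 None 6 web-filter trust untrust 40012 12(1840) 10(9120) 4",
    "<14>Mar 19 10:15:09 srx-edge RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP RST: "
    "10.1.1.31/49810->203.0.113.20/443 junos-https 192.0.2.1/23002->203.0.113.20/443 "
    "src-nat-1 None 6 web-filter trust untrust 40013 8(960) 6(4200) 2",
    "<14>Mar 19 10:15:30 srx-edge RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed idle Timeout: "
    "10.1.1.25/53000->198.51.100.53/53 junos-dns-udp 192.0.2.1/23003->198.51.100.53/53 "
    "src-nat-1 None 17 dns-out trust untrust 40014 1(70) 1(130) 60",
    "<38>Mar 19 10:16:00 srx-edge sshd[2211]: Accepted password for admin "
    "from 10.1.1.5 port 50122 ssh2",
    "<14>Mar 19 10:16:12 srx-edge RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: "
    "10.1.1.40/50001->198.51.100.7/80 junos-http 192.0.2.1/23004->198.51",
]


def parse_session_close(line):
    """Return the fields of one session-close message as a dict, or None."""
    m = SESSION_CLOSE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    # PRI = facility * 8 + severity (RFC 3164); absent if a relay stripped it.
    pri = rec.pop("pri")
    rec["facility"] = int(pri) >> 3 if pri is not None else None
    rec["severity"] = int(pri) & 7 if pri is not None else None
    return rec


def summarize(lines):
    """Total sessions and bytes per policy; collect session-close lines that
    carry the event tag but do not parse (truncation or format drift)."""
    per_policy = defaultdict(lambda: {"sessions": 0, "bytes_out": 0, "bytes_in": 0})
    malformed = []
    for line in lines:
        if "RT_FLOW_SESSION_CLOSE" not in line:
            continue  # some other Junos message; not this parser's job
        rec = parse_session_close(line)
        if rec is None:
            malformed.append(line)
            continue
        stats = per_policy[rec["policy"]]
        stats["sessions"] += 1
        stats["bytes_out"] += rec["bytes_out"]
        stats["bytes_in"] += rec["bytes_in"]
    return dict(per_policy), malformed


if __name__ == "__main__":
    totals, bad = summarize(SAMPLE_LINES)
    for policy, stats in sorted(totals.items()):
        print(policy, stats)
    print("unparsed session-close messages:", len(bad))
```

A non-zero count of unparsed session-close messages is worth alerting on in its own right, since it means sessions are being logged by the device but lost to reporting.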

C. Enable Dynamic ARP Inspection on one or more VLANs:

1. Select Configure > Security > Port Security.

2. Select one or more VLANs from the VLAN list.

3. Click the Edit button. If a message appears asking if you want to enable port security, click Yes.

4. Select the Enable ARP Inspection on VLAN check box and then click OK.

5. Click OK after the command has been successfully delivered.

D. Enable a trusted DHCP server on one or more interfaces:

1. Select Configure>Security>Port Security.


2. Select one or more interfaces from the Port list.

3. Click the Edit button. If a message appears asking if you want to enable port security, click Yes.

4. Select the Trust DHCP check box and then click OK.

5. Click OK after the command has been successfully delivered.

E. Configure Firewall Screen Options:

IDP license is required to use this feature.

1. Select Configure>Security>Screens.

2. Click Add to define screen objects; the screen objects page appears as shown.

3. Fill in the screen options as per requirement.

4. To apply the configuration and return to the main Configuration page, click OK.

Figure 5


F. Configure Enhanced Web Filtering:

Websense license is required to use this feature.

Configure Global Web Filter Option

1. Go to Configure > Security > UTM > Web Filtering.

2. Click Global options.

3. Click the Juniper enhanced tab.

4. For Cache timeout, enter the timeout (in minutes) for the expiration of cache entries (for example, 18000).

Figure 6

5. For Cache Size, enter the maximum number of kilobytes (KB) for the cache (for example, 500).

6. For Server Host, enter the Surf Control server name or IP address (for example, rp.cloud.threatseeker.com).

7. For Server Port, enter the port number that is to be used to communicate with the Surf Control server (for example, 80).


8. Click OK; a status pop-up window is displayed. If the configuration changes are successfully saved, the pop-up window is automatically closed. If the changes are not saved successfully, click Details for more information.

Create Profile

Create a profile name and select a category from the included whitelist and blacklist categories:

1. Go to Configure > Security > UTM > Web Filtering.

2. Click Add.

3. For the Profile name, enter a custom profile (in this example, it is my_ewfprofile01).

Figure 7

4. Click OK. A status pop-up window is displayed. If the configuration changes are successfully saved, the pop-up window is automatically closed. If the changes are not saved successfully, click Details for more information.

Figure 8


5. Select this profile from the profile list (my_ewfprofile01).

6. From the URL category action list, select the category and the action that is associated with the category. Click Add to add more categories and associated actions. For example, click the Categories scroll button, select Enhanced_Business_and_Economy, click the Actions scroll button, and then select Block.

Figure 9

7. Click OK. A status pop-up window is displayed. If the configuration changes are successfully saved, the pop-up window is automatically closed. If the changes are not successfully saved, click Details for more information.

8. Go to Site Reputation Action and click Log and permit for all or required actions.

Figure 10


9. Click OK. A status pop-up window is displayed. If the configuration changes are successfully saved, the pop-up window is automatically closed. If the changes are not successfully saved, click Details for more information.

10. Go to Main, and for the Default action, select Log and permit.

Figure 11

To configure a UTM Policy for Enhanced Web Filtering:

1. Go to Configure > Security > Policy > UTM Policies.

2. Click Add to configure a UTM policy; the Add Policy window is displayed.

3. Click the Main tab.

4. In the Policy Name text field, enter a unique name for the UTM policy (for example, mypolicy).


Figure 12

5. In the Session per client limit text field, enter a session per client limit from 0 to 20000 for this UTM policy.

6. For the Session per client over limit, select one of the following: Log and Permit or Block. This is the action that the device takes when the session per client limit for this UTM policy is exceeded.

7. Click the Web filtering profiles tab.

8. Next to HTTP profile, select my_ewfprofile01.

Figure 13


9. Click OK. A status pop-up window is displayed. If the configuration changes are successfully saved, the pop-up window is automatically closed. If the changes are not successfully saved, click Details for more information.

Attach UTM to Security Policy

To attach the UTM policy to a security policy:

1. Go to Configure > Security > Policy > FW Policies.

2. Click Add; the Add Policy window is displayed.

3. Click the Policy tab.

4. In the Policy Name text field, enter the name of the policy (for example, web-filter).

Figure 14

5. Next to From Zone, select a zone from the list (for example, trust).

6. Next to To Zone, select a zone from the list (for example, untrust).

7. Select a source address (for example, any).

8. Select a destination address (for example, any).


9. Click the Application Services tab.

10. Next to UTM Policy, select the UTM policy to be attached to the security policy (in this example, mypolicy).

Figure 15

11. Click OK; a status pop-up window is displayed. If the configuration changes are successfully saved, the pop-up window is automatically closed. If the changes are not successfully saved, click Details for more information.

12. Click the Commit button (under the tabs).

Import Juniper Junos knowledge pack into EventTracker

1. Launch EventTracker Control Panel.

2. Double click Export Import Utility, and then click Import tab.

Import Category/Alert/Tokens/Flex Reports as given below.


Import Category

1. Click Category option, and then click the browse button.

Figure 16

3. Locate Juniper Junos.iscat file, and then click the Open button.

4. To import categories, click the Import button.

EventTracker displays a success message.


Figure 17

5. Click OK, and then click the Close button.

Import Alerts

1. Click Alerts option, and then click the browse button.

Figure 18

2. Locate Juniper Junos.isalt file, and then click the Open button.

3. To import alerts, click the Import button.


EventTracker displays a success message.

Figure 19

4. Click OK, and then click the Close button.

Import Token Value

1. Click Token Value option, and then click the browse button.

2. Locate Juniper Junos.istoken file, and then click the Open button.

Figure 20


3. To import token value, click the Import button.

EventTracker displays a success message.

Figure 21

4. Click OK, and then click the Close button.

Import Flex Reports

1. Click Scheduled Reports option, and then click the browse button.

2. Locate Juniper Junos.issch file, and then click the Open button.


Figure 22

3. To import scheduled reports, click the Import button.

EventTracker displays a success message.

Figure 23

4. Click OK, and then click the Close button.


Verify Juniper Junos knowledge pack in EventTracker

Verify Juniper Junos Categories

1. Log on to EventTracker Enterprise.

2. Click the Admin menu, and then click Category.

3. In the Category Tree, scroll down and expand the Juniper Junos group folder to view the imported categories.

Figure 24

Verify Juniper Junos Alerts

1. Log on to EventTracker Enterprise.

2. Click the Admin menu, and then click Alerts.

3. In the Search field, type “Juniper Junos”, and then click the Go button.

The Alert Management page displays all the imported Juniper Junos alerts.


Figure 25

4. To activate the imported alerts, select the respective checkbox in the Active column. EventTracker displays a message box.

Figure 26

5. Click OK, and then click the Activate Now button.

NOTE: You can select an alert notification such as Beep, Email, or Message. To do so, select the respective checkbox in the Alert Management page, and then click the Activate Now button.

Verify Juniper Junos Token Values

1. Log on to EventTracker Enterprise.

2. Click the Admin menu, and then click Parsing Rules.


3. In the Token Value Group Tree, scroll down and click the Juniper Junos group folder to view the imported token values. Token values are displayed in the token value pane.

Figure 27

Verify Juniper Junos Flex Reports

1. Log on to EventTracker Enterprise.

2. Click the Reports menu, and then Configuration.

3. Select Defined in report type.

4. In the Report Groups Tree, scroll down and click the Juniper Junos group folder to view the imported Scheduled Reports. Scheduled Reports are displayed in the Reports configuration pane.


Figure 28

EventTracker Knowledge Pack

Categories

JUNOS Accounting error: This category based report provides information related to accounting error.

JUNOS Alarms: This category based report provides information related to generated alarms.

JUNOS Audit error: This category based report provides information related to audit errors.

JUNOS Login success: This category based report provides information related to login success.

JUNOS Point to point protocol error: This category based report provides information related to P2P error.

JUNOS UDP forwarding process error: This category based report provides information related to UDP forwarding process error.

JUNOS VPN error: This category based report provides information related to errors in VPN.

JUNOS Link flap: This category based report provides information related to link flaps.


JUNOS STP change: This category based report provides information related to change in STP.

JUNOS Adaptive services error: This category based report provides information related to adaptive services process, which provides the user interface for management and configuration of adaptive services physical interface cards in JUNOS.

JUNOS Adaptive services process error: This category based report provides information related to adaptive services process errors in JUNOS.

JUNOS Alarmd process: This category based report provides information related to events generated by alarm process.

JUNOS AMD failure: This category based report provides information related to events generated by alarm-mgmt process.

JUNOS Antispam detected: This category based report provides information related to the action that should be performed when the device detects a message that appears to be spam.

JUNOS Antivirus content dropped: This category based report provides information related to antivirus content dropped in JUNOS.

JUNOS Antivirus pattern error: This category based report provides information related to antivirus pattern error in JUNOS.

JUNOS Antivirus scanner ready: This category based report provides information related to the antivirus scan engine when it is ready to scan the traffic.

JUNOS Application identification license expired: This category based report provides information related to APPID signature update license key expired.

JUNOS Application proxy error: This category based report provides information related to application proxy errors in JUNOS.

JUNOS Application status: This category based report provides information related to application identification process related application status.

JUNOS Application tracking process: This category based report provides information related to application tracking process (apptrack).

JUNOS ASP critical messages: This category based report provides information related to ASP critical messages in JUNOS.


JUNOS AUDITD error: This category based report provides information related to audit process, which notifies the radius accounting server of user activity on the routing platform of JUNOS.

JUNOS Authentication denied: This category based report provides information related to authentication denied in JUNOS.

JUNOS Authentication failed: This category based report provides information related to authentication failed in JUNOS.

JUNOS Authentication success: This category based report provides information related to authentication success in JUNOS.

JUNOS AUTOD: This category based report provides information related to auto installation process, which controls the initialization of J-series services routers in JUNOS.

JUNOS Bidirectional detection error: This category based report provides information related to bidirectional forwarding detection protocol process, which detects failures in the bidirectional path between two routing platforms in JUNOS.

JUNOS Bidirectional process state changed: This category based report provides information related to state changed to up or down for the indicated bidirectional forwarding detection process.

JUNOS Bind failure: This category based report provides information related to bind failure in JUNOS.

JUNOS Boot parameter error: This category based report provides information related to boot parameter process error in JUNOS.

JUNOS Chassis error: This category based report provides information related to chassis process, which controls hardware components on the routing platform in JUNOS.

JUNOS Chassis manager process: This category based report provides information related to chassis manager process which controls hardware components on the routing platform.

JUNOS Class of service error: This category based report provides information related to class-of-service process, which enables the routing platform to provide different levels of service to applications based on packet classifications in JUNOS.

JUNOS Connectivity-fault management: This category based report provides information related to connectivity-fault management process and link-fault management process, which supports operation, administration, and maintenance functions in JUNOS.

JUNOS Content blocked: This category based report provides information related to the content filtering blocked in JUNOS.


JUNOS Data center bridging protocol status: This category based report provides information related to interface process (lldpd), which is a discovery and capability exchange protocol to discover peers and exchange information.

JUNOS DCD configuration discrepancy: This category based report provides information related to current configuration which has a few discrepancies to be addressed.

JUNOS Forwarding class accounting error: This category based report provides information related to forwarding class accounting not supported error.

JUNOS DCD GRE config error: This category based report provides information related to GRE tunnel configuration error.

JUNOS DCD incompatible configuration: This category based report provides information related to configuration found by the interface process (dcd) that will not be supported in future releases.

JUNOS DCD memory allocation failed: This category based report provides information related to memory allocation failure during initialization for configuration load.

JUNOS DCD RLT config error: This category based report provides information related to IFD interface which cannot be a member interface of RLT.

JUNOS DCD system error: This category based report provides information related to interface process, which controls the physical interface devices and logical interfaces in the routing platform in JUNOS.

JUNOS DDOS flow messages: This category based report provides information related to distributed denial-of-service attack (DDoS), which is a denial-of-service (DoS) attack originating from multiple source addresses.

JUNOS DDOS protocol violation: This category based report provides information related to protocol violation considered as a ddos attack.

JUNOS DDOS routing socket failure: This category based report provides information related to ddos system process (jddosd) experienced the indicated error with a routing socket.

JUNOS DFCD memory allocation error: This category based report provides information related to the dynamic flow capture process (dfcd) which could not allocate memory for linh message and gencfg message.

JUNOS DHCP error: This category based report provides information related to dynamic host configuration protocol server process for J-series services routers in JUNOS.


JUNOS DOT1XD authentication process: This category based report provides information related to authentication processes such as 802.1X, MAC RADIUS, or captive portal, which control access to a network through a Juniper Networks EX Series Ethernet Switch.

JUNOS Dynamic flow control error: This category based report provides information related to dynamic flow control process, which monitors packet flows using dynamically alterable filtering criteria in JUNOS.

JUNOS Dynamic VPN auth failure: This category based report provides information related to Access Manager Client which is used in the dynamic VPN feature related to authentication failure.

JUNOS Dynamic VPN auth success: This category based report provides information related to connection manager authentication process which was able to authenticate the indicated user/token successfully.

JUNOS Dynamic VPN connection initialized successfully: This category based report provides information related to connection manager which is initialized successfully.

JUNOS Dynamic VPN connection messages: This category based report provides information related to Access Manager Client which is used in the dynamic VPN feature related to connection notification or deletion request.

JUNOS Dynamic VPN license assigned: This category based report provides information related to access manager client that has successfully acquired a license and is permitted to connect to the device.

JUNOS Dynamic VPN license error: This category based report provides information related to Access Manager Client which is used in the dynamic VPN feature related to license error.

JUNOS Dynamic VPN license installed: This category based report provides information related to Access Manager License that was installed successfully on this device.

JUNOS ESWD system error: This category based report provides information related to ESWD system log messages in JUNOS.

JUNOS Event policy error: This category based report provides information related to event policy process, which performs configured actions in response to events on a routing platform in JUNOS.

JUNOS Fabric OAM error: This category based report provides information related to QFabric switch Operations, Administration, and Maintenance (OAM) process (faboamd), which enables OAM operations (such as a fabric ping) across different devices in the QFabric switch.

JUNOS Fiber channel fabric created: This category based report provides information related to fiber channel fabric creation.

JUNOS Fiber channel fabric deletion: This category based report provides information related to fiber channel fabric deletion.

JUNOS Fiber channel port status: This category based report provides information related to fiber Channel process (fcd) which connects servers to disks and tape devices in a storage area network related to port status.

JUNOS File system access error: This category based report provides information related to file system access process, which provides trivial FTP support for file transfer between services, physical interface cards and other routing platform devices in JUNOS.

JUNOS Firewall process error: This category based report provides information related to firewall process, which manages compilation, firewall configuration on routers and downloading of JUNOS firewall filters.

JUNOS FIP end node removed: This category based report provides information related to FIP end node removed from a fibre channel fabric.

JUNOS FIP end node timer expired: This category based report provides information related to FIP end node keepalive timer expired.

JUNOS FIP max filter reached: This category based report provides information related to maximum number of allowed FCoE filters reached.

JUNOS FIP protocol startstop: This category based report provides information related to FIP protocol started or stopped on an interface.

JUNOS VN port login failed: This category based report provides information related to VN_Port login rejected.

JUNOS VN port timer expired: This category based report provides information related to VN_Port keepalive timer expired.

JUNOS Flexible pic concentrator error: This category based report provides information related to flexible PIC concentrator login process, which provides direct login access to physical interface module in JUNOS.

JUNOS FLOGI VN port login failed: This category based report provides information related to FIP FLOGI/FDISC from the end node failure.

JUNOS General packet radio service process error: This category based report provides information related to general packet radio service process (gprsd) that integrates with existing GSM networks and offers mobile subscribers with packet switched data services access to corporate networks and the Internet.

JUNOS Hostname-caching error: This category based report provides information related to the hostname-caching process in JUNOS.

JUNOS Interchassis communication process error: This category based report provides information related to interchassis communication process.

JUNOS Intrusion detection prevention: This category based report provides information related to Intrusion Detection and Prevention (IDP) process in JUNOS.

JUNOS Ipsec authentication: This category based report provides information related to key management process, which provides IP Security authentication services for encrypting Physical Interface Cards in JUNOS.

JUNOS Jdiameter process error: This category based report provides information related to Intrusion Detection and Prevention (IDP) process in JUNOS.

JUNOS Jservices out of address: This category based report provides information related to Network Address Translation (NAT) services which could not allocate an address from the indicated NAT pool, because no addresses were available.

JUNOS Jservices out of ports: This category based report provides information related to Network Address Translation (NAT) services which could not allocate a port from the indicated NAT pool, because no ports were available.

JUNOS JTASK parse error: This category based report provides information related to JTASK parse error.

JUNOS JTASK SNMP error: This category based report provides information related to JTASK SNMP error.

JUNOS JTASK system error: This category based report provides information related to JTASK system error.

JUNOS JTASK task error: This category based report provides information related to JTASK task error.

JUNOS JTRACE failed: This category based report provides information related to process which could not write to the indicated trace file, and stopped attempting to do so. The next commit of the configuration database will re-enable tracing.

JUNOS Juniper control system error: This category based report provides information related to Juniper Control System process in JUNOS.

JUNOS Juniper redundancy protocol: This category based report provides information related to Juniper services redundancy protocol which controls chassis clustering in JUNOS.

JUNOS Juniper services redundancy protocol monitoring failure: This category based report provides information related to Juniper Services Redundancy Protocol process (JSRPD) that detected monitoring failure.

JUNOS Juniper services RPD node state change: This category based report provides information related to Juniper Services Redundancy Protocol process (JSRPD) that detected an event, such as failover, that caused the state of the chassis cluster node to change due to the reason indicated in the log.

JUNOS Juniper services RPD socket error: This category based report provides information related to Juniper Services Redundancy Protocol process (JSRPD) that detected socket error.

JUNOS script authentication error: This category based report provides information related to JUNOS Script authentication process (jade), which authenticates and checks authorization of client applications using the JUNOS Script application programming interface.

JUNOS LACP interface down: This category based report provides information related to Link Aggregation Control Protocol process (lacpd) which experienced timeout. Hence interface is marked down.

JUNOS LACPD system messages: This category based report provides information related to the Link Aggregation Control Protocol (LACPD) process (lacpd), which supports LACP functions for aggregated Ethernet interfaces.

JUNOS Layer 2 address learning error: This category based report provides information related to layer 2 address learning process which supports the dynamic acquisition of information about media access control addresses in a layer 2 bridge environment in JUNOS.

JUNOS Layer 2 control protocol: This category based report provides information related to layer 2 control protocol process which supports the transmission of control messages for layer 2 spanning tree protocols in a Layer 2 bridge environment in JUNOS.

JUNOS Layer 2 tunneling protocol: This category based report provides information related to layer 2 tunneling protocol process, which provides services that enable tunneling of Point-to-Point Protocol (PPP) sessions across a Layer 3 IP network in JUNOS.

JUNOS LIBJNX account error: This category based report provides information related to LIBJNX login account.

JUNOS LIBJNX system error: This category based report provides information related to processes that call routines in the lib juniper library, which includes routines for creating and managing child processes, parsing machine and interface addresses, tracing, file I/O, and other functions.

JUNOS LIBJSNMP process error: This category based report provides information related to processes and libjsnmp process error in JUNOS.

JUNOS LIBMSPRPC system message error: This category based report provides information related to mspinfo process, which is responsible for RPC communication between the Routing Engine and the Multiservices Physical Interface Cards.

JUNOS License error: This category based report provides information related to processes that call routines in the liblicense library, which provide software license management functions on a routing platform in JUNOS.

JUNOS License invalid feature ID: This category based report provides information related to indicated process that has encountered an invalid feature id.

JUNOS License revoked DB error: JUNOS License revoked DB error - failed to create or open license revoked db.

JUNOS License version error: This category based report provides information related to indicated process which encountered a system error while trying to obtain release version of JUNOS.

JUNOS Link layer discovery protocol: This category based report provides information related to link layer discovery protocol process in JUNOS.

JUNOS LLDP neighbor court: This category based report provides information related to LLDP which has detected that a neighbor has come up or down for an interface.

JUNOS Local policy function error: This category based report provides information related to local policy decision function process which controls traffic entering the packet-switched network by allocating or denying IP bearer resources in JUNOS.

JUNOS Logical interface isolated: This category based report provides information related to fiber channel over Ethernet logical interface that is isolated.

JUNOS Logical router multiplexer error: This category based report provides information related to logical router multiplexer process, which manages the multiple instances of the routing protocols process on a machine running logical routers in JUNOS.

JUNOS Logical system process error: This category based report provides information related to logical system process (lsysd), which handles logical systems on devices running Junos OS.

JUNOS Login failed: This category based report provides information related to login process (login), which performs authentication for Telnet sessions in JUNOS.

JUNOS MAC SA routing socket error: This category based report provides information related to MAC SA Validate system process (jsavald) that experienced the indicated error with a routing socket.

JUNOS MAG service process error: This category based report provides information related to mag-service process (jived) error.

JUNOS Management process: This category based report provides information related to command-line interface and management process, which together form the JUNOS user interface that accepts and processes input from users and client applications.

JUNOS MBG address allocation error: This category based report provides information related to MBG address allocation error in JUNOS.

JUNOS MBG CMD error: This category based report provides information related to MBG CMD error in JUNOS.

JUNOS MBG config error: This category based report provides information related to MBG configuration error in JUNOS.

JUNOS MBG INIT failed: This category based report provides information related to mobility infrastructure initializations, main task creation failed.

JUNOS MBG packet not found: This category based report provides information related to mobility software package (jmobile) which is not currently installed after jinstall package installation.

JUNOS MBG platform not supported: This category based report provides information related to mobility software which is not compatible with the current platform.

JUNOS MBG routing socket initialization failure: This category based report provides information related to mobility infrastructure initialization, internal routing socket library initialization failed, which is used by different application modules for communication.

JUNOS MBG server INIT failed: This category based report provides information related to mobility event server (which communicates with peers on SPIC) creation failed. There is one event server for all the peers.

JUNOS MBG server task creation failed: This category based report provides information related to mobility daemon which failed to create maintenance mode server task.

JUNOS MBG task creation failure: This category based report provides information related to Mobility Daemon which failed to create IF Module and Gateway Module task.

JUNOS MBG timer task creation failure: This category based report provides information related to mobility daemon which failed to create alarm timer task, which is a periodic timer to poll alarm related stats.

JUNOS Mirrored traffic analysis: This category based report provides information related to mirrored traffic analysis, generated by the sample process (sampled), which gathers information on mirrored traffic analysis for EX Series switches.

JUNOS Multiprotocol label switching: This category based report provides information related to multiprotocol label switching operation, administration, and maintenance process, which supports trace route operations for LDP in JUNOS label-switched paths.

JUNOS Network time protocol change time: This category based report provides information related to Network Time Protocol process (ntpd), which regularly synchronizes system time with internet time servers.

JUNOS NEXTHOP error: This category based report provides information related to process that decides the next hop.

JUNOS NSD sync failed: This category based report provides information related to one or more subcomponents of the network security process (nsd) failed to synchronize their state when the nsd restarted on secondary mode.

JUNOS Packet forwarding engine error: This category based report provides information related to packet forwarding engine controller error in JUNOS.

JUNOS Packet gateway protocol: This category based report provides information related to packet gateway control protocol messages.

JUNOS Packet triggered subscriber process error: This category based report provides information related to packet-triggered subscriber process (jptspd) which creates and manages packet-triggered subscriber interfaces.

JUNOS Periodic packet management error: This category based report provides information related to periodic packet management process, which maintains routing protocol adjacencies for the routing protocol process in JUNOS.

JUNOS Ping system message: This category based report provides information related to ping command, which tests whether a remote machine is accessible across the network.

JUNOS Point-to-Point protocol error: This category based report provides information related to Point-to-Point Protocol which processes packets that use PPP in JUNOS.

JUNOS Public key infrastructure process error: This category based report provides information related to Public Key Infrastructure process (pkid), which supports Public Key Infrastructure by maintaining keypairs, certificates and CRLs. It also provides a mechanism to authenticate and enroll certificates.

JUNOS Real time error: This category based report provides information related to routers running JUNOS OS by the Packet Forwarding Engine as it processes packets for security control in real time.

JUNOS Redundant interfaces error: This category based report provides information related to redundant interfaces process, which manages redundant interfaces when they are configured on Adaptive Services Physical Interface Cards in JUNOS.

JUNOS Resource error: This category based report provides information related to insufficient memory and CPU in JUNOS.

JUNOS Router attack: This category based report provides information related to attack detected on router in JUNOS.

JUNOS Router flow app policy violation: This category based report provides information related to deny or reject policy match on one application occurred according to the configured threshold within the specified time window.

JUNOS Router flow dstip policy violation: This category based report provides information related to deny or reject policy match on one destination IP address occurred according to the configured threshold within the specified time window.

JUNOS Router flow messages: This category based report provides information related to process that handles flows on routers running the JUNOS software with enhanced services.

JUNOS Router session info: This category based report provides information related to router session information in JUNOS.

JUNOS protocol AMT error: This category based report provides information related to unicast stream limit, which cannot exceed the maximum unicast stream limit configured.

JUNOS Routing protocol dynamic config error: This category based report provides information related to routing protocol process dynamic configuration error in JUNOS.

JUNOS Routing protocol error: This category based report provides information related to routing protocol in JUNOS.

JUNOS Routing protocol IGMP config error: This category based report provides information related to Internet Group Management Protocol configuration error.

JUNOS Routing protocol IGMP dynamic config error: This category based report provides information related to Internet Group Management Protocol dynamic configuration error.

JUNOS Routing protocol L2VPN error: This category based report provides information related to routing protocol process L2VPN error in JUNOS.

JUNOS Routing protocol MLD config error: This category based report provides information related to MLD configuration error in JUNOS.

JUNOS Routing protocol MLD dynamic config error: This category based report provides information related to MLD dynamic configuration error in JUNOS.

JUNOS Routing protocol MPLS OAM error: This category based report provides information related to routing protocol multiprotocol layer switching ping error in JUNOS.

JUNOS Routing protocol MSDP error: This category based report provides information related to routing protocol MSDP error in JUNOS.

JUNOS Routing protocol multicast config error: This category based report provides information related to multicast configuration request failed because the routing protocol process (rpd) failed to create the specified configuration entry.

JUNOS Routing protocol multicast dynamic config error: This category based report provides information related to multicast dynamic configuration error in JUNOS.

JUNOS Routing protocol multicast forwarding error: This category based report provides information related to multicast forwarding error in JUNOS.

JUNOS Routing protocol periodic packet management error: This category based report provides information related to routing protocol process (rpd) which could not write a message on the pipe to the periodic packet management process (ppmd).

JUNOS Routing protocol PIM error: This category based report provides information related to routing protocol PIM error in JUNOS.

JUNOS Routing protocol process kernel error: This category based report provides information related to routing protocol process kernel error in JUNOS.

JUNOS Routing protocol process LMP error: This category based report provides information related to label management protocol process error in JUNOS.

JUNOS Routing protocol process routing table error: This category based report provides information related to routing protocol process routing table error in JUNOS.

JUNOS Routing protocol process system call failed: This category based report provides information related to system call made by the routing protocol process (rpd) failed.

JUNOS Routing protocol RIP error: This category based report provides information related to RIP error in JUNOS.

JUNOS Session and resource control error: This category based report provides information related to session and resource control process, which provides a user interface for deploying Internet services in JUNOS.

JUNOS SMTP client process error: This category based report provides information related to smtp client process (smtpd).

JUNOS SNMP error: This category based report provides information related to SNMP agent, management information base II and LIBESPTASK in JUNOS.

JUNOS SSH relay process: This category based report provides information related to ssh-relay process (ssh) in JUNOS.

JUNOS SSHD account access: This category based report provides information related to secure shell process (sshd), which grants you access to specified shell accounts.

JUNOS SSL messages: This category based report provides information related to Secure Sockets Layer (SSL) protocol services. These logs contain information about logical system names, SSL proxy whitelists, policy information, and SSL proxy information.

JUNOS System log messages: This category based report provides information related to messages generated by the kernel, Packet Forwarding Engine, PIC, line-card chassis (LCC), switch-card chassis (SCC), etc., which are grouped under the SYSTEM messages.

JUNOS Task error: This category based report provides information related to task log messages in JUNOS.

JUNOS TFTP error: This category based report provides information related to Trivial FTP in JUNOS.

JUNOS Transport process error: This category based report provides information related to transport process error in JUNOS.

JUNOS UDP forwarding process error: This category based report provides information related to UDP forwarding process, which forwards UDP packets from a network to a server for services that run over UDP in JUNOS.

JUNOS Unified threat management process error: This category based report provides information related to unified threat management process (utmd) which protects the network from all types of attack.

JUNOS Virtual chassis error: This category based report provides information related to virtual chassis control protocol error in JUNOS.

JUNOS Virtual machine error: This category based report provides information related to virtual machine error in JUNOS.

JUNOS Virtual router redundancy error: This category based report provides information related to virtual router redundancy protocol, which provides the user interface for management of VRRP groups in JUNOS.

JUNOS Virus and spam detection: This category based report provides information related to antispam and virus detection in JUNOS.

JUNOS Web filtering process: This category based report provides information related to web filtering process (webfilter), which allows you to manage Internet usage by preventing access to inappropriate web content.

JUNOS Web interface error: This category based report provides information related to hypertext transfer protocol, which provides a graphical user interface for monitoring and configuring J-series services routers in JUNOS.

JUNOS Flow session info: This category based report provides information related to router session information.

JUNOS Login failure: This category based report provides information related to login process.

JUNOS Screen attack info: This category based report provides information related to attack detected on router in JUNOS.

JUNOS Webfilter info: This category based report provides information related to webfilter process.

Alerts

JUNOS Antivirus content dropped: This alert is generated when antivirus content is dropped in JUNOS.

JUNOS AMD failure: This alert is generated when events are generated for alarm-mgmt process in JUNOS.

JUNOS Antispam detected: This alert is generated when the device detects a message that seems to be spam and determines what action should be performed.

JUNOS Antivirus pattern error: This alert is generated when antivirus pattern error occurs in JUNOS.

JUNOS Antivirus scanner ready: This alert is generated when antivirus scan engine is ready to scan the traffic.

JUNOS Application identification license expired: This alert is generated when APPID signature update license key has expired.

JUNOS Application status: This alert is generated when application status gets changed in JUNOS.

JUNOS ASP critical messages: This alert is generated when events are generated for services on the Adaptive Services PIC (AS PIC), such as stateful firewall, Network Address Translation (NAT), and intrusion detection service (IDS).

JUNOS AUDITD error: This alert is generated when the audit process, which notifies the RADIUS accounting server of user activity on the routing platform of JUNOS, detects an error.

JUNOS Authentication denied: This alert is generated when authentication is denied in JUNOS.

JUNOS Authentication failed: This alert is generated when authentication fails in JUNOS.

JUNOS Authentication success: This alert is generated when authentication succeeds in JUNOS.

JUNOS Bind failure: This alert is generated when bind failure occurs in JUNOS.

JUNOS Connectivity fault management: This alert is generated for events related to the connectivity-fault management process and link-fault management process, which support operation, administration, and maintenance functions in JUNOS.

JUNOS Content blocked: This alert is generated when content filtering is blocked in JUNOS.

JUNOS DCD GRE config error: This alert is generated when GRE tunnel configuration error occurs in JUNOS.

JUNOS DCD RLT config error: This alert is generated when IFD interface cannot be a member interface of RLT.

JUNOS DDOD protocol violation: This alert is generated when a protocol violation is considered a DDoS attack.

JUNOS DDOS routing socket failure: This alert is generated by ddos system process (jddosd), which experienced the indicated error with a routing socket.

JUNOS DHCP error: This alert is generated when dynamic host configuration protocol server process error occurs for J-series services routers in JUNOS.

JUNOS Dynamic VPN auth failure: This alert is generated when authentication fails for the Access Manager client, which is used in the dynamic VPN feature.

JUNOS Dynamic VPN auth success: This alert is generated when connection manager authentication process was able to authenticate the indicated user/token successfully.

JUNOS VPN connection initialized successfully: This alert is generated when connection manager is initialized successfully.

JUNOS VPN connection messages: This alert is generated for connection notification or deletion request events related to the Access Manager client, which is used in the dynamic VPN feature.

JUNOS VPN license assigned: This alert is generated when access manager client has successfully acquired a license, and is permitted to connect to the device.

JUNOS VPN license error: This alert is generated when a license error occurs for the Access Manager client, which is used in the dynamic VPN feature.

JUNOS Dynamic VPN license installed: This alert is generated when Access Manager license was installed successfully on this device.

JUNOS Fiber channel fabric deleted: This alert is generated when fiber channel fabric is deleted.

JUNOS FIP end node timer expired: This alert is generated when FIP end node keepalive timer has expired.

JUNOS FIP VN port login failed: This alert is generated when VN_Port login is rejected.

JUNOS Firewall process error: This alert is generated when an error is detected in the firewall process, which manages compilation, firewall configuration on routers and downloading of JUNOS firewall filters.

JUNOS Intrusion detection prevention: This alert is generated when Intrusion Detection and Prevention (IDP) process is detected in JUNOS.

JUNOS IPsec authentication: This alert is generated for events related to the key management process, which provides IP Security authentication services for encryption of Physical Interface Cards in JUNOS.

JUNOS JTASK SNMP error: This alert is generated when JTASK SNMP error occurs in JUNOS.

JUNOS JTRACE failed: This alert is generated when process could not write to the indicated trace file, and stopped attempting to do so. The next commit of the configuration database will re-enable tracing.

JUNOS Juniper control system error: This alert is generated when Juniper Control System process error occurs in JUNOS.

JUNOS Juniper services redundancy protocol monitoring failure: This alert is generated when Juniper Services Redundancy Protocol process (JSRPD) detects monitoring failure.

JUNOS Juniper services RPD socket error: This alert is generated when Juniper Services Redundancy Protocol process (JSRPD) detects socket error.

JUNOS LIBJNX account error: This alert is generated when events generated are related to LIBJNX login account.

JUNOS License error: This alert is generated when processes that call routines in the liblicense library, which provide software license management functions on a routing platform in JUNOS, detect an error.

JUNOS License invalid feature ID: This alert is generated when the indicated process has encountered an invalid feature id.

JUNOS Logical interface isolated: This alert is generated when the Fibre channel over Ethernet logical interface is isolated.

JUNOS Login failure: This alert is generated when the login process (login), which performs authentication for Telnet sessions in JUNOS, fails.

JUNOS MAC SA routing socket error: This alert is generated when MAC SA Validate system process (jsavald) experiences the indicated error with a routing socket.

JUNOS MBG address allocation error: This alert is generated when MBG address allocation error occurs in JUNOS.

JUNOS MBG routing socket initialization failure: This alert is generated when mobility infrastructure initialization, internal routing socket library initialization failed, which is used by different application modules for communication.

JUNOS Mirrored traffic analysis: This alert is generated when mirrored traffic analysis generated by the sample process (sampled), which gathers information on mirrored traffic analysis for EX Series switches.

JUNOS Network time protocol change time: This alert is generated when Network Time Protocol process (ntpd) changes, which regularly synchronizes system time with internet time servers.

JUNOS NSD sync failed: This alert is generated when one or more subcomponents of the network security process (nsd) failed to synchronize their state when the nsd restarts on secondary mode.

JUNOS Router attack: This alert is generated when an attack is detected on the router in JUNOS.

JUNOS Router flow policy violation: This alert is generated when a deny or reject policy match occurs according to the configured threshold within the specified time window.

JUNOS Routing protocol dynamic config error: This alert is generated when a routing protocol process dynamic configuration error occurs in JUNOS.

JUNOS Routing protocol multicast forwarding error: This alert is generated when a multicast forwarding error occurs in JUNOS.

JUNOS Routing protocol process routing table error: This alert is generated when a routing protocol process routing table error occurs in JUNOS.

JUNOS SNMP error: This alert is generated when SNMP agent, management information base II and LIBESPTASK errors occur in JUNOS.

JUNOS TFTP error: This alert is related to Trivial FTP in JUNOS.

JUNOS Unified threat management process error: This alert is generated when an error occurs in the unified threat management process (utmd), which protects the network from all types of attack.

JUNOS Virus and spam detection: This alert is generated when spam and viruses are detected in JUNOS.

JUNOS Web filtering process: This alert is generated when a web filtering process (webfilter) event is detected. Web filtering allows you to manage Internet usage by preventing access to inappropriate web content.

JUNOS Chassis error: This alert is generated when the chassisd process fails.

JUNOS Link Flap: This alert is generated when flapping occurs on an interface.

Sample Flex reports

1. Junos Console Logon Success

2. Junos Dynamic ARP Inspection Failure

3. Junos Flow Session Details

4. Junos Screen Attack Details

5. Junos Web filter Details

6. Junos Untrusted DHCP Server Detection
