Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Marketplace

NetScreen Firewall

Avatar Manjul Bhattarai
December 11, 2024 08:23
Follow
app-360001167689.png

Release Details

Fields

Details

Name

NetScreen Firewall

Version

5.0.0

Supported On

LogPoint v6.0.0 and later

Release Date

2020-05-14

Document Date 2020-05-14
Download NetScreenFirewall_5.0.0.pak
SHA256  50fd88cdf0eff776768fb2c3f856392241047abd5aecf751163a532fe8ca669c

 

Package Details

The application consist of the components:

  1. Dashboard Package
    • LP_NetScreen Firewall 
  2. Normalization Package
    • LP_NetScreen Firewall 
  3. Label Package
    • LP_NetScreen Firewall 

Enhancement

A minor update has been done in the application’s normalizer for better signature handling.

General Description

The NetScreen Firewall application normalizes NetScreen Firewall events and enables you to analyze NetScreen Firewall data using pre-set dashboard views. You can further customize the dashboard and searches to perform in-depth analysis.

Installation 

Follow these steps to install the Netscreen Firewall v5.0.0 plugin:

  1. Download the Netscreen Firewall package from the Download section above.
  2. Add the firewall as a device in LogPoint.
  3. Create a collection policy with the Syslog collector and appropriate processing policy. 
  4. Assign the policy to the device.
  5. Add the dashboard.

Supported Version

The supported version of Windows with LogPoint in this configuration is:

  • NetScreen Firewall - ScreenOS v5.4.0.

Configuration Of Sources

Configuration of Juniper Networks NetScreen

Configure using Command Line Interface

Type the following commands to configure the Juniper Networks NetScreen via command line:

    • Set syslog config <ip_address> <security_facility> <local_faciltiy>
    • Set syslog config <ip_address> port 514
    • Set syslog config <ip_address> log all
    • Set syslog enable

Configure using WebUI    

Follow these steps to configure the Juniper Networks NetScreen via WebUI:

  1. Open WebUI. Refer to KB4317 - [ScreenOS] Accessing your Juniper firewall device using the WebUI for more information.
  2. From the console menu, click on Configuration. Then click on Report Settings, and then select Syslog.
    NetFir1.png
  3. Select Enable Syslog Messages from the syslog page. From the ‘Source Interface’ drop-down menu, select the interface from which syslog packets are sent.
    NetFir2.png
  4. Enter the necessary information for each syslog server that is being added. Maximum of 4 syslog servers can be used to send the syslog messages.
    • Enable: Select this option to enable the syslog server.
    • IP/Hostname: Enter the IP address of the syslog host.
    • Port: Enter the port to which the syslog messages is to be sent by the security devices. The default port selected is UDP 514.
    • Security Facility: It classifies and sends security messages to the syslog host.
    • Facility: It classifies and sends all other messages for events unrelated to security.
    • Event Log: Select this option to send logs to the host.
    • Traffic Log: Select this option to send traffic logs to the host.
    • TCP: Select this option to use TCP as the protocol for the communication between syslog server and the device.

      Note: Consult KB14982 - Device May Become Unmanageable after Enabling TCP Syslog before selecting the TCP option. 
  5. Click Apply and the configuration will be saved.

Log Format

Netscreen Firewall

Expected Log Format

  • Space delimited key-value pairs

Log Sample

<133>ipxx-xx-xxxxx-x: NetScreen device_id=ipxx-xx-xxxxxx-xx  [pp]system-notification-00257(traffic): start_time="2014-04-09 08:19:59" duration=63 policy_id=55 service=Web Service proto=17 src zone=Web dst zone=Untrust action=Deny sent=402 rcvd=304 src=1.1.1.1 dst=1.1.1.1 src_port=1 dst_port=2 src-xlated ip=1.1.1.1 port=59834 dst-xlated ip=1.1.1.1 port=123 session_id=1004244 reason=Close - AGE OUT

To export data to LogPoint use Syslog collector on port 514 on the LogPoint server.

Support

If you have any queries or require assistance, please feel free to contact our support team:

Email:             servicedesk@logpoint.com

Phone:           +45 7060 6100

Best regards,

Comments

Article is closed for comments.

Related articles

  • Netgear Firewall
  • NGinX
  • Juniper Firewall (JunOS)
  • Netapp Filer FAS3240
  • Support Overview
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.

Note: We use cookies that are essential for the smooth functioning of our website.