
Junos Syslog Event

Vendor Documentation

Classification

| Rule Name | Rule Type | Classification | Common Event |
| --- | --- | --- | --- |
| Junos Syslog Event | Base Rule | Information | General Security Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
| --- | --- | --- | --- |
| N/A | N/A | N/A | The time when the log was generated on the SRX Series device. |
| N/A | N/A | N/A | The time when the log was received on the log collector. |
| N/A | N/A | N/A | The name of the SRX Series device. |
| N/A | `<vendorinfo>` | Text/String | The event name of the log. |
| Source-Country | N/A | N/A | The source country name. |
| source-address | `<sip>` | IP Address | The source IP address from where the event occurred. |
| Destination-Country | N/A | N/A | Destination country name from where the event occurred. |
| destination-address | `<dip>` | IP Address | The destination IP address of the event. |
| source-port | `<sport>` | Number | The source port of the event. |
| destination-port | `<dport>` | Number | The destination port of the event. |
| Description | `<subject>` | Text/String | The description of the log. |
| Attack-name | `<threatname>` | Text/String | Attack name of the log: Trojan, worm, virus, etc. |
| Threat-Severity | `<severity>` | Text/String | The severity level of the threat. |
| Policy Name | `<policy>` | Text/String | The policy name in the log. |
| UTM-category or Virus-Name | N/A | N/A | The UTM category of the log. |
| URL | `<url>` | Text/String | Accessed URL name that triggered the event. |
| Event category | N/A | N/A | The event category of the log. |
| Username | `<account>` | Text/String | The username of the log. |
| Action | `<action>` | Text/String | Action taken for the event: warning, allow, and block. |
| Log-Source | N/A | N/A | The IP address of the log source. |
| Application | N/A | N/A | The application name from which the events or logs are generated |
| Hostname | `<sname>` | Text/String | The host name in the log. |
| Service-Name | N/A | N/A | The name of the application service. For example, FTP, HTTP, SSH, etc. |
| Nested-Application | N/A | N/A | The nested application in the log. |
| source-zone-name | N/A | N/A | The source zone of the log. |
| destination-zone-name | N/A | N/A | The destination zone of the log. |
| Protocol-ID | `<protnum>` | Number | The protocol ID in the log. |
| Roles | N/A | N/A | The role name associated with the log. |
| Reason | `<reason>` | Text/String | The reason for the log generation. For example, a connection tear down may have an associated reason such as authentication failed. |
| NAT-Source-Port | `<snatport>` | Number | The translated source port. |
| NAT-Destination-Port | `<dnatport>` | Number | The translated destination port. |
| NAT-Source-Rule-Name | N/A | N/A | The NAT source rule name. |
| NAT-Destination-Rule-Name | N/A | N/A | The NAT destination rule name. |
| NAT-Source-address | `<snatip>` | IP Address | The translated (or natted) source IP address. It can contain IPv4 or IPv6 addresses. |
| nat-destination-address | `<dnatip>` | IP Address | The translated (also called natted) destination IP address. |
| Traffic-Session-ID | `<session>` | Number | The traffic session ID of the log. |
| Path-Name | N/A | N/A | The path name of the log. |
| Logical-system-Name | N/A | N/A | The name of the logical system. |
| Rule-Name | N/A | N/A | The name of the rule. |
| Profile-Name | N/A | N/A | The name of the All events profile that triggered the event. |
| Client-Hostname | `<dname>` | Text/String | Hostname of the client. |
| Malware-Info | N/A | N/A | Information of the malware. |
| Logical-Subsystem-Name | N/A | N/A | The name of the logical system in JSA logs. |