Identify the LogRhythm System Monitor Agent that will be used for log collection.
Configure the Management Port
The Management Port on the SSL/VPN device must be configured and enabled to send logs via syslog. Configuration can be completed through a serial connection or through the Admin Console.
Configure Through a Serial Port
- Start a serial console session.
- Select item 1, System Settings and Tools.
- Select item 10, Configure Management port.
The text indicates if the option is enabled or disabled.
- Enter the network settings for the Management Port as prompted.
- When prompted to accept changes, type y if they are correct.
If they are not correct, repeat the process.
- Close serial console.
Configure Through the Admin Console
- Ensure the backend management network is already configured.
- Connect your management network gateway to the SSL/VPN device via the Management Port.
- In the Admin Console, click System, click Network, and then click Management Port.
- Click Enabled.
- Enter port information: IP address, netmask, and default gateway.
- Click Save Changes.
Configure Juniper SSL and VPN
The SSL/VPN device logs data to text files stored on the device. There are several types of logs that can be collected - Events log, User Access log, Administrator Access log, Sensors log and Client upload log.
To set the SSL/VPN device to send the logs to LogRhythm via syslog, access System, then Log/Monitoring to enable syslog.
Configure LogRhythm for Juniper SSL and VPN
No additional changes are necessary to configure LogRhythm to work with Juniper SSL/VPN.