[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5676
  • Last Modified:

Get SNMP traffic from Juniper Netscreen 5GT

I have a couple of Juniper Netscreen 5GTs that I need to put in place of some cheep Linksys routers.  I cannot figure out how to get a report of what URls have been visited.  I can get this out of the linksys  so I can't believe that I can't get this out of the Netscreen without buying an additional $10K worth of software.  Can the netscreens be set up to send this information to a specific IP address via SNMP?
0
MERCOMMS
Asked:
MERCOMMS
  • 3
  • 2
1 Solution
 
ccreamer_22Commented:
You can set up logging to a syslog server. First set up a policy allowing the traffic you want to monitor. (HTTP & HTTPS for example.) Then turn logging on for that policy. Then in the WebUI, go to Configuration > Report Settings > Syslog. Enable syslog messages, set your source port for sending the syslogs (Most likely your trusted interface). TCP 514 is the most common port used, but you can set it to just about anything you want. Set the reports to go to a syslog server ip address. Make sure you check traffic log so you can get the traffic sent out. Then add syslog server service to a Windows server with the same ip address that you set up to report to on the firewall. Here is a demonstration for Windows server 2003, but you can set one up on just about any operating system.

http://www.winsyslog.com/Common/en/Articles/configuring-syslog-server.php

You will need an event log analyzer after that unless you really like reading though a bunch of text yourself. If so, more power to you. I've used several event log analyzers. ReportGen for Netscreen 1.1.3 is a decent shareware analyzer that is designed for Netscreens and runs on windows. Download and try it. If you like it, I think it's $39.00. Have fun.
0
 
MERCOMMSAuthor Commented:
I configured a policy as you described, downloaded and installed WinSysLog Config Client, downloaded and installed ReportGen.

Report Gen is asking for a log file.

How do I tell if log traffic is coming in?  How do I view the log?
0
 
ccreamer_22Commented:
The steps for configuring WinSysLog are here:
http://www.winsyslog.com/Common/en/stepbystep/simple-syslog-server-MWA30.php

You should browse with report gen to where you set up the log file. See http://rnrsoft.com/DOCS/RGISA-Docs/overview.htm
This link is for the ISA server product, but it is set up very much the same.
0
 
MERCOMMSAuthor Commented:
Thanks  I have logs coming in but is there any way for it to list the domain visited?  

I have checked the box in the services configuration for Resolve Hose Names.
0
 
MERCOMMSAuthor Commented:
I wrote an app to process the log file that does DNS lookup to convert IP address to URL.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now