Configuring the Juniper Networks Binary Log Format (deprecated)

Binary format logs from Juniper SRX or J Series appliances are streamed to IBM QRadar over UDP. You must assign a dedicated port for streaming binary formatted events, because the QRadar listener on the standard syslog port cannot parse binary formatted events.

About this task

The default port that is assigned to QRadar for receiving streaming binary events from Juniper appliances is port 40798.

Note: The Juniper Binary Log Collector DSM supports only events that are forwarded in Streaming mode. The Event mode is not supported.

Procedure

  1. Log in to your Juniper SRX or J Series appliance by using the command-line interface (CLI).
  2. Type the following command to edit your device configuration:

    configure

  3. Type the following command to configure the IP address and port number for streaming binary formatted events:

    set security log stream <Name> host <IP address> port <Port>

    Where:

    • <Name> is the name that is assigned to the stream.
    • <IP address> is the IP address of your QRadar Console or Event Collector.
    • <Port> is a unique port number that is assigned for streaming binary formatted events to QRadar. By default, QRadar listens for binary streaming data on port 40798. For a list of ports that are used by QRadar, see the IBM QRadar Common Ports List technical note.
  4. Type the following command to set the security log format to binary:

    set security log stream <Name> format binary

    Where: <Name> is the name that you specified for your binary format stream in step 3.

  5. Type the following command to enable security log streaming:

    set security log mode stream

  6. Type the following command to set the source IP address for the event stream:

    set security log source-address <IP address>

    Where: <IP address> is the IP address of your Juniper SRX Series or Juniper J Series appliance.

  7. Type the following command to save the configuration changes:

    commit

  8. Type the following command to exit the configuration mode:

    exit
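
A configuration check for the stream settings entered above, added here as an example and not part of the IBM or Juniper documentation: it parses Junos set commands in the form the procedure uses and reports departures from the procedure, such as the mode not being stream or the syslog port being used for the binary stream. The stream name, the addresses and the sample configuration are constructed.

```python
import re

SYSLOG_PORT = 514            # standard syslog port: cannot carry binary events
DEFAULT_BINARY_PORT = 40798  # QRadar default listener for Juniper binary streams
# Constructed sample in the set-command form used by the procedure above.
SAMPLE_CONFIG = """\
set security log stream qradar-binary host 192.0.2.10 port 40798
set security log stream qradar-binary format binary
set security log mode stream
set security log source-address 198.51.100.1
"""
STREAM_RE = re.compile(r"^set security log stream (\S+) (.+)$")

def parse_security_log(config_text):
    """Reduce 'set security log ...' lines to the settings this procedure relies on."""
    settings = {"mode": None, "source_address": None, "streams": {}}
    for line in config_text.splitlines():
        line = line.strip()
        m = STREAM_RE.match(line)
        if m:
            name, rest = m.groups()
            stream = settings["streams"].setdefault(name, {})
            parts = rest.split()
            # "host <ip> port <n>" and "format <fmt>" are keyword/value pairs
            stream.update(zip(parts[::2], parts[1::2]))
        elif line.startswith("set security log mode "):
            settings["mode"] = line.split()[-1]
        elif line.startswith("set security log source-address "):
            settings["source_address"] = line.split()[-1]
    return settings

def check_binary_stream(config_text):
    """Return findings as strings; an empty list means the config follows the procedure."""
    s = parse_security_log(config_text)
    findings = []
    if s["mode"] != "stream":
        findings.append("security log mode is not 'stream' (Event mode is not supported)")
    if not s["source_address"]:
        findings.append("no source-address: QRadar cannot attribute events to the appliance")
    binary = {n: st for n, st in s["streams"].items() if st.get("format") == "binary"}
    if not binary:
        findings.append("no stream has 'format binary'")
    for name, st in binary.items():
        if "host" not in st or "port" not in st:
            findings.append(f"stream {name}: host or port missing")
        elif st["port"] == str(SYSLOG_PORT):
            findings.append(f"stream {name}: port {SYSLOG_PORT} is the syslog port; use a dedicated port such as {DEFAULT_BINARY_PORT}")
    return findings
```

Run it against the output of `show configuration security log | display set` copied from the appliance; an empty result means all four settings from the procedure are present.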

What to do next

The configuration of your Juniper SRX or J Series appliance is complete. You can now configure a log source in QRadar.