PCAP Syslog Combination log source parameters for Juniper SRX Series
If QRadar does not automatically detect the log source, add a Juniper SRX Series log source on the QRadar Console by using the PCAP Syslog Combination protocol.
QRadar detects the syslog data and adds the log source automatically. The PCAP data can be added to QRadar as Juniper SRX Series Services Gateway log source by using the PCAP Syslog combination protocol. Adding the PCAP Syslog Combination protocol after QRadar auto discovers the Junos OS syslog data adds a log source to your existing log source limit. Deleting the existing syslog entry, then adding the PCAP Syslog Combination protocol adds both syslog and PCAP data as single log source.
When using the PCAP Syslog Combination protocol, there are specific parameters that you must use.
Parameter | Value |
---|---|
Log Source type | Juniper SRX-series Services Gateway |
For a complete list of PCAP Syslog Combination protocol parameters and their values, see c_logsource_PCAPprotocol.html.