Juniper Security Binary Log Collector protocol configuration options
You can configure a log source to use the Security Binary Log Collector protocol. With this protocol, Juniper appliances can send audit, system, firewall, and intrusion prevention system (IPS) events in binary format to QRadar.
The Security Binary Log Collector protocol is an inbound/passive protocol.
The binary log format from Juniper SRX or J Series appliances is streamed over UDP. You must specify a unique port for streaming binary formatted events; the standard syslog port 514 cannot be used for binary formatted events. The default port that is assigned to receive streaming binary events from Juniper appliances is port 40798.
| Parameter | Description |
|---|---|
| Protocol Configuration | Security Binary Log Collector |
| Log Source Identifier | Type a unique name for the log source. The Log Source Identifier can be any valid value and does not need to reference a specific server. It can also be the same value as the Log Source Name. If you have more than one configured Juniper Security Binary Log Collector log source, ensure that you give each one a unique name. |
| XML Template File Location | The path to the XML file used to decode the binary stream from your Juniper SRX or Juniper J Series appliance. By default, the device support module (DSM) includes an XML file for decoding the binary stream. The XML file is in the following directory: /opt/qradar/conf/security_log.xml. |