{ "name": "juniper_srx", "title": "Juniper SRX", "version": "1.27.1", "release": "ga", "description": "Collect logs from Juniper SRX devices with Elastic Agent.", "type": "integration", "download": "/epr/juniper_srx/juniper_srx-1.27.1.zip", "path": "/package/juniper_srx/1.27.1", "icons": [ { "src": "/img/logo.svg", "path": "/package/juniper_srx/1.27.1/img/logo.svg", "title": "Juniper logo", "size": "32x32", "type": "image/svg+xml" } ], "conditions": { "kibana": { "version": "^8.11.0 || ^9.0.0" } }, "owner": { "type": "elastic", "github": "elastic/integration-experience" }, "categories": [ "network", "security", "firewall_security" ], "signature_path": "/epr/juniper_srx/juniper_srx-1.27.1.zip.sig", "format_version": "3.0.3", "readme": "/package/juniper_srx/1.27.1/docs/README.md", "license": "basic", "assets": [ "/package/juniper_srx/1.27.1/LICENSE.txt", "/package/juniper_srx/1.27.1/changelog.yml", "/package/juniper_srx/1.27.1/manifest.yml", "/package/juniper_srx/1.27.1/validation.yml", "/package/juniper_srx/1.27.1/docs/README.md", "/package/juniper_srx/1.27.1/img/logo.svg", "/package/juniper_srx/1.27.1/kibana/tags.yml", "/package/juniper_srx/1.27.1/data_stream/log/manifest.yml", "/package/juniper_srx/1.27.1/data_stream/log/sample_event.json", "/package/juniper_srx/1.27.1/docs/knowledge_base/service_info.md", "/package/juniper_srx/1.27.1/data_stream/log/fields/agent.yml", "/package/juniper_srx/1.27.1/data_stream/log/fields/base-fields.yml", "/package/juniper_srx/1.27.1/data_stream/log/fields/ecs.yml", "/package/juniper_srx/1.27.1/data_stream/log/fields/fields.yml", "/package/juniper_srx/1.27.1/data_stream/log/agent/stream/logfile.yml.hbs", "/package/juniper_srx/1.27.1/data_stream/log/agent/stream/tcp.yml.hbs", "/package/juniper_srx/1.27.1/data_stream/log/agent/stream/udp.yml.hbs", "/package/juniper_srx/1.27.1/data_stream/log/elasticsearch/ingest_pipeline/atp.yml", "/package/juniper_srx/1.27.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml", "/package/juniper_srx/1.27.1/data_stream/log/elasticsearch/ingest_pipeline/flow.yml", "/package/juniper_srx/1.27.1/data_stream/log/elasticsearch/ingest_pipeline/idp.yml", "/package/juniper_srx/1.27.1/data_stream/log/elasticsearch/ingest_pipeline/ids.yml", "/package/juniper_srx/1.27.1/data_stream/log/elasticsearch/ingest_pipeline/secintel.yml", "/package/juniper_srx/1.27.1/data_stream/log/elasticsearch/ingest_pipeline/system.yml", "/package/juniper_srx/1.27.1/data_stream/log/elasticsearch/ingest_pipeline/utm.yml" ], "policy_templates": [ { "name": "juniper", "title": "Juniper SRX logs", "description": "Collect Juniper SRX logs from syslog or a file.", "inputs": [ { "type": "udp", "title": "Collect logs from Juniper SRX via UDP", "description": "Collecting syslog from Juniper SRX via UDP." }, { "type": "tcp", "title": "Collect logs from Juniper SRX via TCP", "description": "Collecting syslog from Juniper SRX via TCP." }, { "type": "filestream", "title": "Collect logs from Juniper SRX via file", "description": "Collecting syslog from Juniper SRX via file." } ], "multiple": true } ], "data_streams": [ { "type": "logs", "dataset": "juniper_srx.log", "title": "Juniper SRX logs", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "tcp", "vars": [ { "name": "syslog_host", "type": "text", "title": "Syslog Host", "multi": false, "required": true, "show_user": true, "default": "localhost" }, { "name": "syslog_port", "type": "integer", "title": "Syslog Port", "multi": false, "required": true, "show_user": true, "default": 9006 }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "juniper-srx", "forwarded" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", "multi": false, "required": false, "show_user": false }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "#certificate: \"/etc/server/cert.pem\"\n#key: \"/etc/server/key.pem\"\n" }, { "name": "tcp_options", "type": "yaml", "title": "Custom TCP Options", "description": "Specify custom configuration options for the TCP input. See [TCP](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-tcp.html) for details.", "multi": false, "required": false, "show_user": false, "default": "#max_connections: 1\n#framing: delimiter\n#line_delimiter: \"\\n\"\n" } ], "template_path": "tcp.yml.hbs", "title": "Juniper SRX logs", "description": "Collect Juniper SRX logs via TCP", "enabled": true, "ingestion_method": "Network Protocol" }, { "input": "udp", "vars": [ { "name": "syslog_host", "type": "text", "title": "Syslog Host", "multi": false, "required": true, "show_user": true, "default": "localhost" }, { "name": "syslog_port", "type": "integer", "title": "Syslog Port", "multi": false, "required": true, "show_user": true, "default": 9006 }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "juniper-srx", "forwarded" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "udp_options", "type": "yaml", "title": "Custom UDP Options", "description": "Specify custom configuration options for the UDP input.", "multi": false, "required": false, "show_user": false, "default": "#read_buffer: 100MiB\n#max_message_size: 50KiB\n#timeout: 300s\n" }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", "multi": false, "required": false, "show_user": false } ], "template_path": "udp.yml.hbs", "title": "Juniper SRX logs", "description": "Collect Juniper SRX logs via UDP", "enabled": true, "ingestion_method": "Network Protocol" }, { "input": "filestream", "vars": [ { "name": "paths", "type": "text", "title": "Paths", "multi": true, "required": true, "show_user": true, "default": [ "/var/log/juniper-srx.log" ] }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "juniper-srx", "forwarded" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", "multi": false, "required": false, "show_user": false } ], "template_path": "logfile.yml.hbs", "title": "Juniper SRX logs", "description": "Read Juniper SRX logs from a file", "enabled": false, "ingestion_method": "File" } ], "package": "juniper_srx", "path": "log" } ] }