Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Juniper SA (ive)

fisk12
Path Finder
‎01-16-2011 01:28 PM

Is anyone having splunk monitoring their juniper secure access machines? And if so, can can you tell me some about how you have done it?

Tags (1)
Reply

jaoui
Path Finder
‎10-17-2011 07:24 PM

Hey, I started working through this one and so far I have this for one of my searches:

("Login succeeded" OR "Logout from" OR "Session timed out" OR "Max session timeout" OR "Remote address for user") | rex field=_raw "[(?\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})]\s+(?\w+)((?[^)]+))[(?[^]]*)" | rex field=_raw "(session:(?[^)]+))" | transaction user src keepevicted=true startswith="Login succeeded" endswith=("Session timed out" OR "Logout from" OR "Max session timeout" OR "Remote address for user") | search NOT ("Logout from" OR "Session timed out" OR "Max session timeout" OR "Remote address for user") | eval user = lower(user) | table _time user realm src sessionid host | sort user

this is starting to give me a printout of the currently logged in users. I have to tweak it a bit cuz i think it's not catching some logout/login conditions but here it is if it helps anyone else

0 Karma
Reply

jaoui
Path Finder
‎10-17-2011 03:43 PM

have you had any luck? I'm just starting to try to pull information out of our IVE's logs

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

A few months ago, we released Splunk Enterprise Security 8.0 for our cloud customers. Today, we are excited to ...

Logs to Metrics

Logs and Metrics Logs are generally unstructured text or structured events emitted by applications and written ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...