Juniper SRX logs failing to parse when creating a snapshot report

Juniper SRX is listed as supported, but is that only for logs based on RT_FLOW_SESSION_CLOSE? We have a client that wants to use both snapshots and continuous reports, but their Juniper SRX logs will not parse - they log based on RT_FLOW_SESSION_CREATE, but I'm unsure whether that is the issue.

I can provide an anonymised log if required.

0 Replies