Update Juniper filter (#108)
* Update Juniper filter

* Update index context key for Juniper filter
mbonsack authored and Ryan Faircloth committed Oct 2, 2019
1 parent f4d696e commit a4126bd
Showing 4 changed files with 7 additions and 6 deletions.
3 changes: 2 additions & 1 deletion package/etc/conf.d/filters/juniper/junos.conf
Expand Up @@ -3,5 +3,6 @@ filter f_juniper_junos_structured {
};

filter f_juniper_junos_standard {
program("RT_IDP|RT_FLOW|RT_IDS|RT_UTM|Juniper");
program("RT_IDP|RT_FLOW|RT_IDS|RT_UTM|Juniper") or
message("PFE_FW_|DFWD_")
};
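Review bot: The new `message("PFE_FW_|DFWD_")` term is an unanchored regular expression, so any event whose message body contains either string — from any host or program — now satisfies f_juniper_junos_standard, and the same pattern is reused in the RT_FLOW branch of the log path in the next file section. If these tags always open the message body, anchoring the pattern (`message("^(PFE_FW_|DFWD_)")`) narrows the match; if not, pairing the term with a host() or program() condition tied to the Juniper devices is what keeps unrelated events out of the netfw routing. A comment above the filter explaining why these logs are matched on the message rather than on program() would also help the next reader, e.g. `# PFE_FW_/DFWD_ events presumably do not carry an RT_* program name — matched on the message prefix instead (confirm against device output)`.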
Expand Up @@ -17,9 +17,9 @@ log {
if (program('RT_IDP')) {
rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:idp"), index("netids"), template("t_standard"))};
parser {p_add_context_splunk(key("juniper_idp")); };
} elif (program('RT_FLOW')) {
} elif (program('RT_FLOW') or message('PFE_FW_|DFWD_')) {
rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:firewall"), index("netfw"), template("t_standard"))};
parser {p_add_context_splunk(key("juniper_junos_flow")); };
parser {p_add_context_splunk(key("juniper_junos_fw")); };
} elif (program('RT_IDS')) {
rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:idp"), index("netids"), template("t_standard"))};
parser {p_add_context_splunk(key("juniper_junos_ids")); };
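Review bot: Renaming the context key from `juniper_junos_flow` to `juniper_junos_fw` silently disables any index override a deployment has placed under the old key in its context-local splunk_index.csv — the lookup presumably just misses and such events fall back to the `netfw` default set by the rewrite on the line above, with nothing logged. The same applies to `juniper_junos_flow_structured` → `juniper_junos_fw_structured` in the following section. The commit message should state this as a breaking change for local context files (the shipped splunk_index.csv only carries the new key in a commented-out example row), and a one-line comment beside the parser, `# context key renamed from juniper_junos_flow; update local splunk_index.csv overrides accordingly`, would help operators upgrading. Since the branch condition now also accepts PFE_FW_/DFWD_ messages, it is worth confirming that the `juniper:junos:firewall` sourcetype's field extractions handle that message format, which this branch did not previously receive. The enclosing `log { ... }` block starts and ends outside the hunk.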
Expand Up @@ -18,7 +18,7 @@ log {
parser {p_add_context_splunk(key("juniper_idp_structured")); };
} elif (program('RT_FLOW')) {
rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:firewall:structured"), index("netfw"), template("t_JSON_5424")) };
parser {p_add_context_splunk(key("juniper_junos_flow_structured")); };
parser {p_add_context_splunk(key("juniper_junos_fw_structured")); };
} elif (program('RT_IDS')) {
rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:idp:structured"), index("netids"), template("t_JSON_5424")) };
parser {p_add_context_splunk(key("juniper_junos_ids_structured")); };
4 changes: 2 additions & 2 deletions package/etc/context-local/splunk_index.csv
Expand Up @@ -14,10 +14,10 @@
#juniper_idp,index,netids
#juniper_structured,index,netops
#juniper_idp_structured,index,netids
#juniper_junos_flow_structured,index,netfw
#juniper_junos_fw_structured,index,netfw
#juniper_junos_ids_structured,index,netids
#juniper_junos_utm_structured,index,netfw
#juniper_junos_flow,index,netfw
#juniper_junos_fw,index,netfw
#juniper_junos_ids,index,netids
#juniper_junos_utm,index,netfw
#juniper_sslvpn,index,netfw
