diff --git a/package/etc/conf.d/filters/juniper/junos.conf b/package/etc/conf.d/filters/juniper/junos.conf
index 4c259e3..f5c4256 100644
--- a/package/etc/conf.d/filters/juniper/junos.conf
+++ b/package/etc/conf.d/filters/juniper/junos.conf
@@ -3,5 +3,6 @@ filter f_juniper_junos_structured {
 };
 filter f_juniper_junos_standard {
- program("RT_IDP|RT_FLOW|RT_IDS|RT_UTM|Juniper");
+ program("RT_IDP|RT_FLOW|RT_IDS|RT_UTM|Juniper") or
+ message("PFE_FW_|DFWD_")
 };
\ No newline at end of file
diff --git a/package/etc/conf.d/log_paths/p_rfc3164-juniper_junos.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc3164-juniper_junos.conf.tmpl
index abe69d4..c2ec00e 100644
--- a/package/etc/conf.d/log_paths/p_rfc3164-juniper_junos.conf.tmpl
+++ b/package/etc/conf.d/log_paths/p_rfc3164-juniper_junos.conf.tmpl
@@ -17,9 +17,9 @@ log {
 if (program('RT_IDP')) {
 rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:idp"), index("netids"), template("t_standard"))};
 parser {p_add_context_splunk(key("juniper_idp")); };
- } elif (program('RT_FLOW')) {
+ } elif (program('RT_FLOW') or message('PFE_FW_|DFWD_')) {
 rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:firewall"), index("netfw"), template("t_standard"))};
- parser {p_add_context_splunk(key("juniper_junos_flow")); };
+ parser {p_add_context_splunk(key("juniper_junos_fw")); };
 } elif (program('RT_IDS')) {
 rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:idp"), index("netids"), template("t_standard"))};
 parser {p_add_context_splunk(key("juniper_junos_ids")); };
diff --git a/package/etc/conf.d/log_paths/p_rfc_5424_strict-juniper_junos.conf.tmpl b/package/etc/conf.d/log_paths/p_rfc_5424_strict-juniper_junos.conf.tmpl
index bf1b644..3e56a4c 100644
--- a/package/etc/conf.d/log_paths/p_rfc_5424_strict-juniper_junos.conf.tmpl
+++ b/package/etc/conf.d/log_paths/p_rfc_5424_strict-juniper_junos.conf.tmpl
@@ -18,7 +18,7 @@ log {
 parser {p_add_context_splunk(key("juniper_idp_structured")); };
 } elif (program('RT_FLOW')) {
 rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:firewall:structured"), index("netfw"), template("t_JSON_5424")) };
- parser {p_add_context_splunk(key("juniper_junos_flow_structured")); };
+ parser {p_add_context_splunk(key("juniper_junos_fw_structured")); };
 } elif (program('RT_IDS')) {
 rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:idp:structured"), index("netids"), template("t_JSON_5424")) };
 parser {p_add_context_splunk(key("juniper_junos_ids_structured")); };
diff --git a/package/etc/context-local/splunk_index.csv b/package/etc/context-local/splunk_index.csv
index 711baf0..e93911a 100644
--- a/package/etc/context-local/splunk_index.csv
+++ b/package/etc/context-local/splunk_index.csv
@@ -14,10 +14,10 @@
 #juniper_idp,index,netids
 #juniper_structured,index,netops
 #juniper_idp_structured,index,netids
-#juniper_junos_flow_structured,index,netfw
+#juniper_junos_fw_structured,index,netfw
 #juniper_junos_ids_structured,index,netids
 #juniper_junos_utm_structured,index,netfw
-#juniper_junos_flow,index,netfw
+#juniper_junos_fw,index,netfw
 #juniper_junos_ids,index,netids
 #juniper_junos_utm,index,netfw
 #juniper_sslvpn,index,netfw
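Review bot: The added `message("PFE_FW_|DFWD_")` line in f_juniper_junos_standard has no terminating semicolon before the closing `};`, whereas the `program(...);` line it replaces had one; unless syslog-ng accepts an unterminated filter expression here, config parsing will fail, so it should read `message("PFE_FW_|DFWD_");`. Separately, `message()` is an unanchored regex over the whole message body, so a message from any program whose text merely contains one of these substrings now matches this filter and is handled as Juniper traffic; if the tags sit at the start of the body, `message("^(PFE_FW_|DFWD_)")` narrows the match, and the same pattern repeated in p_rfc3164-juniper_junos.conf.tmpl should be kept in step with whatever is chosen here. The file also still ends without a trailing newline.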
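Review bot: Renaming the context key from `juniper_junos_flow` to `juniper_junos_fw` (and `juniper_junos_flow_structured` to `juniper_junos_fw_structured` in p_rfc_5424_strict-juniper_junos.conf.tmpl) silently breaks any deployment whose local splunk_index.csv carries an uncommented override under the old key; the CSV hunk in this commit only edits the commented example rows, so such overrides stop applying and the destination falls back to the `r_set_splunk_dest_default` index with no error. Consider accepting the old key for a release, or at least calling out the rename in the changelog and above this branch: `# context key renamed from juniper_junos_flow; update local overrides`. The regex in `message('PFE_FW_|DFWD_')` also duplicates the one in f_juniper_junos_standard, and a comment noting the two must stay in sync would help the next editor. The enclosing log block starts and ends outside the hunk.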
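Review bot: The RT_FLOW branch here is left as `program('RT_FLOW')` alone, while the parallel branch in p_rfc3164-juniper_junos.conf.tmpl gained `or message('PFE_FW_|DFWD_')`; if PFE_FW_/DFWD_ events can arrive in RFC 5424 form, this path will not classify them as firewall and they fall through to whatever follows outside the hunk. If the omission is deliberate, a one-line comment stating it would keep the two paths from drifting further, e.g. `# PFE_FW_/DFWD_ matching intentionally omitted here; see the RFC3164 path`. The enclosing log block starts and ends outside the hunk.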