Juniper partners who use OneConfig's Application and Network Risk Report (ANR) as a pre-sales solution will be pleased to hear that TLS support has been added to our solution. ANR processes security policy logs to give a detailed view of 'Top Talkers' and 'Geographic IP', and those logs can now be gathered securely over TLS.
More recent Junos releases on branch SRX devices support TLS for syslog, which means the syslog data can be sent to OneConfig encrypted. This feature has been available since 12.1X47-D20.
Here is an example of the configuration to enable the TLS syslog on your SRX:
set security log mode stream
set security log format syslog
set security log source-interface fe-0/0/7.0
set security log transport protocol tls
set security log transport tls-profile ssl-i
set security log stream oneconfig format syslog
set security log stream oneconfig category all
set security log stream oneconfig host logs.mydomain.com
set services ssl initiation profile ssl-i protocol-version all
set services ssl initiation profile ssl-i actions ignore-server-auth-failure
And, of course, you enable the logging option in the security policies you want to see logs for.
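One thing worth checking before you deploy the configuration above: `actions ignore-server-auth-failure` makes the SRX accept whatever certificate the collector presents, so the session is encrypted but the collector is never authenticated. The block below is an added example, not from the original post or from OneConfig, showing the same `ssl-i` profile verifying the collector's certificate against a CA instead; the CA profile name `oneconfig-ca` and the PEM file path are placeholders, and the statements are standard Junos PKI and SSL-initiation commands.

```junos
# Added example (not from the original post): authenticate the OneConfig
# collector instead of ignoring server authentication failures.
# Placeholders: ca-profile "oneconfig-ca", file /var/tmp/oneconfig-ca.pem.

# Configuration mode: define the CA profile and bind it to the initiation
# profile, then remove the action that disables server authentication.
set security pki ca-profile oneconfig-ca ca-identity oneconfig-ca
set services ssl initiation profile ssl-i trusted-ca oneconfig-ca
delete services ssl initiation profile ssl-i actions ignore-server-auth-failure
# Prefer TLS 1.2 only, on releases that offer it, instead of "all".
set services ssl initiation profile ssl-i protocol-version tls12
commit

# Operational mode, after the commit: load the CA certificate that signed
# the collector's certificate. The collector's certificate must chain to
# this CA or the SRX will now refuse the TLS session (the intended outcome).
request security pki ca-certificate load ca-profile oneconfig-ca filename /var/tmp/oneconfig-ca.pem

# The stream settings from the post are unchanged.
set security log transport protocol tls
set security log transport tls-profile ssl-i
set security log stream oneconfig host logs.mydomain.com
```

After loading the CA, `show security pki ca-certificate ca-profile oneconfig-ca` confirms the certificate is present, and a collector whose certificate does not chain to it will fail the handshake rather than receive logs.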
By Martyn Lomax JNCIE-SP #876 (firstname.lastname@example.org)