Support for Juniper SSL VPN

Unanswered Question
randytoni Thu, 01/29/2009 - 06:37

we're evaluating various SSL vpn solutions and would also be interested in the response to this question

shairolbit Thu, 07/08/2010 - 01:54

How to integrate Juniper ssl vpn log or syslog with CS-MARS? How to edit the log parser for this device in CS-MARS

shairolbit Fri, 07/09/2010 - 04:11

I've already have the guideline, I'm requesting for example to help me conveniently. 

Scott Fringer Fri, 07/09/2010 - 04:31

You would need to navigate to:

MANAGEMENT>Device Type Management

Select the checkbox next to the specific device/version combination to

which you wish to extend or add a new event. For example "NetScreen

ScreenOS 6.0"

If you wish to add a new device message for parsing, click "Add Device

Event Type". You need to now define the specifics of the new device

event; provide a unique device event ID and then select the CS-MARS

event to which this event ID will be mapped and then click "Apply"

If you wish to extend an existing parsed message, click "Edit Parser".

Next select the desired device event ID and click "Edit". You can then

add any necessary parsing changes to the selected device event ID.

In both instances, the last step is to define regular expression-based

patterns to parse out the various components of the raw message that the

device is generating and forwarding to the CS-MARS. You will work from

left to right in the raw message, each component is considered a

position and should be discernible by a consistent key pattern (i.e. tab

(\t), colon :, semi-colon ;, etc). Each pattern will need to then

define the parsed field information (source address, source port,

destination address, destination port, time, etc). CS-MARS will provide

some pre-defined patterns, but you can also create your own to match the

specifics of the message format. Add the patterns required to match and

parse the values of interest from the event in question. You can test

your pattern matching as you develop the parser.


shairolbit Tue, 07/13/2010 - 04:54

Do you have the finished custom parser for this device or something similar to it?

Scott Fringer Tue, 07/13/2010 - 05:05

As I do not have access to the raw messages for that specific device, I

am unable to create a custom parser for it.

Customers that create custom parsers are encouraged to share them via

the "Mars Package Sharing" forum here in the Support Communities.



This Discussion