Security Director Log Collector Overview https://www.juniper.net/documentation/en_US/junos-space18.1/topics/concept/junos-space-sd-lc-overview-installing.html
About Log Collector:
The Junos Space Security Director Logging and Reporting module enables log collection across multiple SRX Series devices and enables log visualization.
Log Collector can be deployed as:
- All-in-One Node (almost all our clients use this type)
- Log Receiver Node (Distributed deployment)
- Log Indexer Node (Distributed deployment)
In an All-in-One deployment, Log Collector requires one IP address, used both for management and for receiving the flow from devices.
Log Collector does not offer a supported way of firewalling itself. You will want to firewall it in your environment, at a minimum restricting access to internal subnets, better yet restricting access to trusted subnets. This is a list of the services used. Juniper have a KB article on this (KB18148) which might be more accurate.
We will perform the installation with ovftool, so it must be downloaded and installed on the local computer.
- inbound for admin console access. Optional Ping inbound.
- DNS, NTP and SMTP outbound to your DNS/NTP/SMTP servers. Optional Ping outbound.
|1||DNS server address|
|2||NTP server address|
|4||Physical IP and Network Mask|
In our situation we use All-in-One type of deployment.
Default login and password
To deploy Log Collector VM on a VMware ESX server:
1. Download the latest Log Collector open virtual appliance (OVA) image from the download site.
2. Using the VMware vSphere Web Client or ovftool, deploy the Log Collector OVA image onto the VMware ESX server.
# ovftool -ds=datastore1 -n=logcollector-01 -dm=thin --net:"Network 1"="VM Network" "Log-Collector-18.2R1.26.ova" 'vi://root:PASSWORD@10.10.146.100'
|Option Long Name||Option Short Name||Relevant Source Types||Relevant Target Types||Description|
|--datastore||-ds||N/A||VI||Target datastore name for a VI or vSphere|
|Select target disk format. Supported formats are: monolithicSparse, monolithicFlat, twoGbMaxExtentFlat, seSparse (vSphere target), eagerZeroedThick (vSphere target), thin (vSphere target), thick (vSphere target), sparse, and flat.|
|--name||-n||N/A||All||Specifies the target name. Defaults to the source name.|
|N/A||Sets a network assignment in the deployed OVF package. For example, --net:=. OVF packages contain symbolic names for network names which are assigned with this option. For multiple network mappings, repeat the option, separating them with a blank, for example, --net:s1=t1|
3. Adjust the VM's CPU and memory to match the system requirements for the required events per second (eps).
4. Power on the Log Collector VM.
Press "8" or other
Press "36" or other
Press "1" for confirmation
5. Use the default credentials to log in to Log Collector. The username is root and the password is juniper123.
6. Change the default password of the VM.
7. Select one of the following node types:
- Enter 1 to deploy Log Collector as an All-in-One node.
8. Configure your network settings.
After setting up the Log Collector, add the Log Collector node to Security Director.
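The ovftool command in step 2 embeds the ESX root password in the locator, where it ends up in shell history and the process list. The wrapper below is an added example, not part of the original page or Juniper's documentation: it omits the password so ovftool prompts for it, and checks the OVA against a SHA-256 value before deploying. The function names are hypothetical, and the expected checksum is assumed to come from the download site.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Percent-encode everything except RFC 3986 unreserved characters (ASCII input),
# so a user such as administrator@vsphere.local cannot break the vi:// locator.
urlencode() {
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}
        c=${s%"$rest"}
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
}

# Build a vi:// locator that carries no password, so the secret never appears
# in argv, shell history, or the process list; ovftool prompts for it instead.
build_locator() {
    user=$1
    host=$2
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 1 ;;
    esac
    printf 'vi://%s@%s' "$(urlencode "$user")" "$host"
}

# Refuse to deploy unless the OVA matches the expected SHA-256
# (assumption: you obtained that value from the vendor's download page).
deploy_log_collector() {
    ova=$1 expected=$2 user=$3 host=$4
    actual=$(sha256sum "$ova" 2>/dev/null | cut -d' ' -f1)
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $ova, not deploying" >&2
        return 1
    fi
    locator=$(build_locator "$user" "$host") || return 1
    # Same options as the command in step 2, minus the embedded password.
    ovftool -ds=datastore1 -n=logcollector-01 -dm=thin \
        --net:"Network 1"="VM Network" "$ova" "$locator"
}
```

Call it as `deploy_log_collector Log-Collector-18.2R1.26.ova <expected-sha256> root 10.10.146.100`, where `<expected-sha256>` is a placeholder for the published checksum.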