About Log Collector:

The Junos Space Security Director Logging and Reporting module enables log collection across multiple SRX Series devices and enables log visualization.


Log Collector can be deployed as:

  • All-in-One Node (almost all our clients use this type)
  • Log Receiver Node (Distributed deployment)
  • Log Indexer Node (Distributed deployment)

Log Collector requires one IP address for management and receive flow from device in All-in-One deployment.

Log Collector does not offer a supported way of firewalling itself. You will want to firewall it in your environment, at a minimum restricting access to internal subnets, better yet restricting access to trusted subnets. This is a list of the services used. Juniper have a KB article on this (KB18148) which might be more accurate.

Our installation will be provided by ovftool so it must be downoladed and installed on the local computer.

Physical IP:

  • inbound for admin console access. Optional Ping inbound.
  • DNS, NTP and SMTP outbound to your DNS/NTP/SMTP servers. Optional Ping outbound.
Lp. Type IP
1 DNS server address
2 NTP server address
3 Time Zone
4 Physical IP and Network Mask
5 Gateway IP
6 root password
7 Database password
8 SMTP server

In our situation we use All-in-One type of deployment.

LogCollector All-in-One Deployment
LogCollector All-in-One deployment

Default login and password

Lp Login  Password
1 root juniper123
2 admin juniper123

To deploy Log Collector VM on a VMware ESX server:

  1.  Download the latest Log Collector and open this virtual appliance (OVA) image from the download site.
  2. Using VMware vSphere WEB Client or ovftool, deploy the Log Collector OVA image onto the VMware ESX server.
Deploying LogCollector using ovftool

# ovftool -ds=datastore1 -n=logcollector-01 -dm=thin –net:”Network 1″=”VM Network” “Log-Collector-18.2R1.26.ova” ‘vi://root:PASSWORD@’




Option Long Name Option Short Name Relevant Source Types Relevant Target Types Description
–datastore -ds N/A VI Target datastore name for a VI or vSphere deployment.
–diskMode -dm N/A VMX,



Select target disk format. Supported formats are: monolithicSparse, monolithicFlattwoGbMaxExtentSparse,  twoGbMaxExtentFlat,  seSparse (vSphere target),  eagerZeroedThick (vSphere target), thin (vSphere target), thick (vSphere target), sparse, and flat.
–name -n N/A All Specifies the target name. Defaults to the source name.
–net OVF,


N/A Sets a network assignment in the deployed OVF package. For example, –net:=. OVF packages contain symbolic names for network names which are assigned with this option. For multiple network mappings, repeat the option, separating them with a blank, for example, –net:s1=t1 –net:s2=t2 –net:s3=t3.


View from ESXi where we see our logcollector-01 virtual machine

3. Change the CPU and memory for the system requirement when it comes to the required events per second (eps).

4. Power on the Log Collector VM.

Press „8” or other


Press „36” or other


Press „1” for confirmation


Press „Enter”


5. Use the default credentials to log in to Log Collector. The username is root and password is juniper123.


6. Change the default password of the VM.


7. Select one of the following node types:

  • Enter 1 to deploy Log Collector as in All-in-One node.




8. Configure your network settings.


After setting up the Log Collector, add the Log Collector node to Security Director.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.