Skip to content

Juniper Srx Parser

Description

Constructor: Juniper

Product: Srx

Device: 12.1X46-D35

Log format: Firewall

Theoretical injector performance

9916 EPS

Log Sample :

1
RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.40 source-address=]
1
RT_FLOW - RT_FLOW_SESSION_DENY [junos@2636.1.1.1.2.40 source-address=]

Parsing strategy

  1. Check if the log starts with a Juniper header: [RT_FLOW - RT_FLOW_SESSION_DENY [junos\@2636.1.1.1.2.40] (where [RT_FLOW_SESSION_DENY] is [[alarm][name]])
  2. A [key/value] operation is done on the rest
  3. A binding to normalize field