@mjwolf mjwolf commented Oct 31, 2025

Proposed commit message

Update Juniper SRX documentation, with more details on use cases, compatibility, set up instructions, and troubleshooting steps.

This also adds a knowledge_base file to the package, which can be used by other tools that use information about this integration.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
    - [ ] I have verified that any added dashboard complies with Kibana's Dashboard good practices

Screenshots

Update documentation as rendered in Kibana:
juniper_srx_docs

Update Juniper SRX documentation, with more details on use cases,
compatibility, set up instructions, and troubleshooting steps.
@mjwolf mjwolf requested a review from a team as a code owner October 31, 2025 23:00
@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@andrewkroh andrewkroh added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Integration:juniper_srx Juniper SRX Team:Integration-Experience Security Integrations Integration Experience [elastic/integration-experience] labels Oct 31, 2025
@elasticmachine

Pinging @elastic/integration-experience (Team:Integration-Experience)

@elasticmachine

💚 Build Succeeded

**Issue: Events are not parsed correctly.**
* **Verify Syslog Format**: Ensure the log format on the SRX device is set to `structured-data + brief`. Custom log formats may not parse correctly.
* **Check Junos OS Version**: Confirm you are running Junos OS 19.x or later.
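
Review bot: in the "Verify Syslog Format" bullet, `structured-data + brief` is written as a single literal value, so a reader may try to enter it verbatim on the device. Suggest stating explicitly that it means the structured-data format with the brief option, and pointing back to the setup instructions where it is configured. The "Check Junos OS Version" bullet likewise gives no way to confirm the running version; naming the command to use (for example `show version`) would make the step actionable.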

@mjwolf how do we know that it's been tested for 19.x or later?
From https://www.juniper.net/documentation/product/us/en/junos-os/#cat=release_notes JunOS is at 25.2 - is that what we want to say? Have we actually tested it against 19.x version or later?


The Juniper SRX integration collects the following log types from SRX devices:

* **RT_FLOW**: Session creation, closure, and denial events, including NAT translations.

Do you think it's valuable to list the subsections of the different message types? The old version of the documentation had a full table, i.e. RT_FLOW -> RT_FLOW_SESSION_CREATE, RT_FLOW_SESSION_CLOSE. Do you think we are losing information here that the user might want?

@qcorporation qcorporation left a comment


Overall, the improvements are really good; just two lingering questions.