Juniper SSL VPN Report
I am trying to create a Failed Login by username report in tabular form. I am using table "VPN Security" and choose the following within that table, username, DeviceAddress, DeviceHostname, count(Username) which works fine. Now i want to add a column in the report that shows the source address of each user, the syslog message itself has this address at the beginning of the "message" but i am not sure how to extract that for my report.
Any help would be much appreciated.
First I would like to know if you are using Content 2.0 or the old event source update. If it is old one, then usually Juniper VPN source address (client address) is captured in "Foreign Address" column. If you want to confirm the same, run a query in "Analysis" tab under table "VPN Security". Here you can find the source address of the clients.
If you are using Content 2.0, then the source address will be captured in "Source Address" column. I have faced problems with the way the address was captured (It depends which version of VPN are you using) and the table should be "VPN".
Goto Overview->SystemConfiguration->Messages->ManageMessagestoParse-> <Find your device>... This would let you know under which table your logs are getting stored for any device.