Connect your Juniper SRX firewall to Azure Sentinel


The Juniper SRX connector is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

This article explains how to connect your Juniper SRX firewall appliance to Azure Sentinel. The Juniper SRX data connector allows you to easily connect your SRX logs with Azure Sentinel, so that you can view the data in workbooks, use it to create custom alerts, and incorporate it to improve investigation. Integration between Juniper SRX and Azure Sentinel makes use of Syslog.


Data will be stored in the geographic location of the workspace on which you are running Azure Sentinel.


  • You must have read and write permission on the Azure Sentinel workspace.

  • Your Juniper SRX solution must be configured to export logs via Syslog.

Forward Juniper SRX logs to the Syslog agent

Configure Juniper SRX to forward Syslog messages to your Azure Sentinel workspace via the Syslog agent.

  1. In the Azure Sentinel navigation menu, select Data connectors.

  2. From the Data connectors gallery, select the Juniper SRX (Preview) connector, and then Open connector page.

  3. Follow the instructions on the Juniper SRX connector page:

    1. Install and onboard the agent for Linux

      • Choose an Azure Linux VM or a non-Azure Linux machine (physical or virtual).
    2. Configure the logs to be collected

      • Select the facilities and severities in the workspace agents configuration.
    3. Configure and connect the Juniper SRX

Find your data

After a successful connection is established, the data appears in Log Analytics under Syslog.

See the Next steps tab in the connector page for some useful sample queries.

Validate connectivity

It may take up to 20 minutes until your logs start to appear in Log Analytics.

Next steps

In this document, you learned how to connect Juniper SRX to Azure Sentinel. To learn more about Azure Sentinel, see the following articles: