Configuring the Connection to an Event Log Source
An event log source can be a Microsoft Active Directory domain controller or a Microsoft Exchange server. You can configure up to 100 event log sources for Juniper Identity Management Service that can be a combination of Microsoft Active Directory domain controllers and Exchange servers.
Before you begin, you need the following information:
The hostname or IP address of the Active Directory domain controller or Exchange server
The username and password that you configured for the limited permission user account for event log sources
Juniper Identity Management Service uses the event log timestamp to decide the order of events, and, therefore, you might experience unexpected side issues if your domain controllers and Active Directories are not synchronized. This is more likely to happen across domains than within domains, which typically time-synchronize with their domain controller. Juniper Identity Management Service uses UTC (GMT) internally, and the time zone should not matter, only the time synchronization. See the Windows Time Service Tools and Settings documentation for Windows Server 2016, 2012 R2, or 2008 R2.
To configure the connection to an event log source:
- In the navigation pane, select Data Sources and then select the Event Sources tab.
- In the upper Event Source Configured Data Source pane, click Add. The Add Event Source Configuration page appears.
- If you can utilize the same event source configuration on multiple data sources, from Templates list select from one of the available templates to support the grouping of an event source configuration.
- In the Add Event Source Configuration page, do the following:
- Select either Domain Controller or Exchange Server from the drop-down list to specify the source type.
- Type a description of the source.
- Type the hostname or IPv4 address of the Active Directory domain controller or Exchange server.
- Type the username credential (Login ID) for Juniper Identity Management Service to use to authenticate with the event log source. This is the username credential that you configured for the limited permission user account for event log sources.
- Type the password credential for Juniper Identity Management Service to use to authenticate with the event log source. This is the password credential that you configured for the limited permission user account for event log sources.
- In the Startup Event History Catchup Time text field, type a time period in hours that the JIMS server goes back after a restart and begins collecting event log information from the sources. This value can be between 1 and 10 hours. The default value is 1 hour.
- Click OK to save the settings.