Juniper Networks Junos WebApp Secure

 

The Juniper WebApp Secure DSM for JSA accepts events that are forwarded from Juniper Junos WebApp Secure appliances by using syslog.

Juniper Junos WebApp Secure provides incident logging and access logging events to JSA. Before you can receive events in JSA, you must configure event forwarding on your Juniper Junos WebApp Secure, then define the events that you want to forward.

Configuring Syslog Forwarding

To configure a remote syslog server for Juniper Junos WebApp Secure, you must use SSH to connect to a configuration interface. You can use the configuration interface to set up or configure core settings on your Juniper Junos WebApp Secure appliance.

  1. Use SSH on port 2022 to log in to your Juniper Junos WebApp Secure device.

    https://<IP address>:<port>

    Where:

    • <IP address> is the IP address of your Juniper Junos WebApp Secure appliance.

    • <port> is the port number of your Juniper Junos WebApp Secure appliance configuration interface.

    The default SSH configuration port is 2022.

  2. From the Choose a Tool menu, select Logging.
  3. Click Run Tool.
  4. From the Log Destination menu, select Remote Syslog Server.
  5. In the Syslog Server field, type the IP address of your JSA console or Event Collector.
  6. Click Save.
  7. From the Choose a Tool menu, select Quit.
  8. Type Exit to close your SSH session.

You are now ready to configure event logging on your Juniper Junos WebApp Secure appliance.

Configuring Event Logging

The Juniper Junos WebApp Secure appliance must be configured to determine which logs are forwarded to JSA.

  1. Using a web browser, log in to the configuration site for your Juniper Junos WebApp Secure appliance.

    https://<IP address>:<port>

    Where:

    • <IP address> is the IP address of your Juniper Junos WebApp Secure appliance.

    • <port> is the port number of your Juniper Junos WebApp Secure appliance.

      The default configuration uses a port number of 5000.

  2. From the navigation menu, select Configuration Manager.
  3. From the configuration menu, select Basic Mode.
  4. Click the Global Configuration tab and select Logging.
  5. Click the link Show Advanced Options.
  6. Configure the following parameters:

    Table 1: Juniper Junos WebApp Secure Logging Parameters

    | Parameter | Description |
    |---|---|
    | Access logging: Log Level | Click this option to configure the level of information that is logged when access logging is enabled. The options include the following levels: 0 - Access logging is disabled. 1 - Basic logging. 2 - Basic logging with headers. 3 - Basic logging with headers and body. Note: Access logging is disabled by default. It is suggested that you enable access logging only for debugging purposes. For more information, see your Juniper Junos WebApp Secure documentation. |
    | Access logging: Log requests before processing | Click this option and select True to log the request before it is processed, then forward the event to JSA. |
    | Access logging: Log requests to access log after processing | Click this option and select True to log the request after it is processed. After Juniper Junos WebApp Secure processes the event, it is forwarded to JSA. |
    | Access logging: Log responses to access log after processing | Click this option and select True to log the response after it is processed. After Juniper Junos WebApp Secure processes the event, it is forwarded to JSA. |
    | Access logging: Log responses to access log before processing | Click this option and select True to log the response before it is processed, then forward the event to JSA. |
    | Incident severity log level | Click this option to define the severity of the incident events to log. All incidents at or above the level that is defined are forwarded to JSA. The options include the following levels: 0 - Informational level and higher incident events are logged and forwarded. 1 - Suspicious level and higher incident events are logged and forwarded. 2 - Low level and higher incident events are logged and forwarded. 3 - Medium level and higher incident events are logged and forwarded. 4 - High level and higher incident events are logged and forwarded. |
    | Log incidents to the syslog | Click this option and select Yes to enable syslog forwarding to JSA. |

    The configuration is complete. The log source is added to JSA as Juniper Junos WebApp Secure events are automatically discovered. Events that are forwarded to JSA by Juniper Junos WebApp Secure are displayed on the Log Activity tab of JSA.

Configuring a Log Source

JSA automatically discovers and creates a log source for syslog events from Juniper Junos WebApp Secure. The following configuration steps are optional.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.
  4. Click the Log Sources icon.
  5. Click Add.
  6. In the Log Source Name field, type a name for your log source.
  7. In the Log Source Description field, type a description for the log source.
  8. From the Log Source Type list, select Juniper Junos WebApp Secure.
  9. From the Protocol Configuration list, select Syslog.
  10. Configure the following values:

    Table 2: Syslog Protocol Parameters

    | Parameter | Description |
    |---|---|
    | Log Source Identifier | Type the IP address or host name for the log source as an identifier for events from your Juniper Junos WebApp Secure appliance. |

  11. Click Save.
  12. On the Admin tab, click Deploy Changes.
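
The following check is an added example, not part of the Juniper documentation: it takes captured syslog datagrams and reports which ones would not line up with the Log Source Identifier typed in step 10. It assumes RFC 3164-style headers and assumes the identifier is compared against the header's host field, falling back to the packet source address when no header is present; the function names and sample datagrams are constructed for illustration and do not reproduce the appliance's real event format.

```python
import re

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOST message
_HDR = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$",
    re.S,
)


def effective_identifier(datagram: bytes, src_ip: str) -> str:
    """Host field of the syslog header, or the packet source IP if the
    header is missing or malformed (assumed matching rule, see lead-in)."""
    m = _HDR.match(datagram.decode("utf-8", "replace"))
    if m and int(m["pri"]) <= 191:  # 191 is the highest valid PRI value
        return m["host"]
    return src_ip


def audit(packets, log_source_identifier):
    """Return (matched_count, {unmatched_identifier: count})."""
    matched = 0
    unmatched = {}
    for src_ip, datagram in packets:
        ident = effective_identifier(datagram, src_ip)
        if ident.lower() == log_source_identifier.lower():
            matched += 1
        else:
            unmatched[ident] = unmatched.get(ident, 0) + 1
    return matched, unmatched


# Constructed sample: (packet source IP, raw datagram). Not real appliance output.
SAMPLE = [
    ("192.0.2.10", b"<134>Jan  5 10:15:02 192.0.2.10 constructed incident event"),
    ("192.0.2.10", b"<134>Jan  5 10:15:03 was-appliance constructed access event"),
    ("192.0.2.10", b"constructed event with no syslog header"),
    ("198.51.100.7", b"<13>Jan  5 10:15:04 198.51.100.7 unrelated sender"),
]

if __name__ == "__main__":
    ok, bad = audit(SAMPLE, "192.0.2.10")
    print(f"matched={ok}")
    for ident, count in sorted(bad.items()):
        print(f"unmatched identifier {ident!r}: {count} event(s)")
```

An unmatched identifier that belongs to the appliance, such as a host name in the header when the log source was created with the IP address, indicates the Log Source Identifier should be changed to the value the appliance actually sends.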