Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring a Log Source

 

JSA automatically discovers and identifies most incoming syslog events from external sources.

The following configuration steps are optional.

To create a log source:

  1. Click the Admin tab.
  2. On the navigation menu, click Data Sources.

    The Data Sources pane is displayed.

  3. Click the Log Sources icon.

    The Log Sources window is displayed.

  4. In the Log Source Name field, type a name for your Symark PowerBroker log source.
  5. In the Log Source Description field, type a description for the log source.
  6. From the Log Source Type list, select Symark PowerBroker.
  7. From the Protocol Configuration list, select Syslog.

    The syslog protocol parameters are displayed.

  8. Configure the following values:

    Table 1: Adding a Syslog Log Source

    Parameter

    Description

    Log Source Identifier

    Type the IP address or host name for your Symark PowerBroker appliance.

    Enabled

    Select this check box to enable the log source. By default, this check box is selected.

    Credibility

    From the list, select the credibility of the log source. The range is 0 - 10. The credibility indicates the integrity of an event or offense as determined by the credibility rating from the source devices. Credibility increases if multiple sources report the same event. The default is 5.

    Target Event Collector

    From the list, select the Target Event Collector to use as the target for the log source.

    Coalescing Events

    Select this check box to enable the log source to coalesce (bundle) events.

    Automatically discovered log sources use the default value that is configured in the Coalescing Events list in the System Settings window, which is accessible on the Admin tab. However, when you create a new log source or update the configuration for an automatically discovered log source you can override the default value by configuring this check box for each log source.

    Store Event Payload

    Select this check box to enable or disable JSA from storing the event payload.

    Automatically discovered log sources use the default value from the Store Event Payload list in the System Settings window, which is accessible on the Admin tab. However, when you create a new log source or update the configuration for an automatically discovered log source you can override the default value by configuring this check box for each log source.

  9. Click Save.
  10. On the Admin tab, click Deploy Changes.