Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring Your FireEye System for Communication with JSA

 

To enable FireEye to communicate with JSA, configure your FireEye appliance to forward syslog events.

  1. Log in to the FireEye appliance by using the CLI.
  2. To activate configuration mode, type the following commands:

    enable

    configure terminal

  3. To enable rsyslog notifications, type the following command:

    fenotify rsyslog enable

  4. To add JSA as an rsyslog notification consumer, type the following command:

    fenotify rsyslog trap-sink JSA

  5. To specify the IP address for the JSA system that you want to receive rsyslog trap-sink notifications, type the following command:

    fenotify rsyslog trap-sink JSA address <JSA_IP_address>

  6. To define the rsyslog event format, type the following command:

    fenotify rsyslog trap-sink JSA prefer message format leef

  7. To save the configuration changes to the FireEye appliance, type the following command:

    write memory