ISC BIND

You can integrate an Internet Systems Consortium (ISC) BIND device with JSA. JSA accepts events from an ISC BIND device using syslog.

You can configure syslog on your ISC BIND device to forward events to JSA.

  1. Log in to the ISC BIND device.
  2. Open the following file to add a logging clause:

    named.conf

    logging {
        channel <channel_name> {
            syslog <syslog_facility>;
            severity <critical | error | warning | notice | info | debug [level] | dynamic>;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        category queries {
            <channel_name>;
        };
        category notify {
            <channel_name>;
        };
        category network {
            <channel_name>;
        };
        category client {
            <channel_name>;
        };
    };

    For example:

    logging {
        channel QRadar {
            syslog local3;
            severity info;
        };
        category queries {
            QRadar;
        };
        category notify {
            QRadar;
        };
        category network {
            QRadar;
        };
        category client {
            QRadar;
        };
    };

  3. Save and exit the file.
  4. Edit the syslog configuration to log to your JSA using the facility you selected in Step 2:

    <syslog_facility>.* @<IP Address>

    Where <IP Address> is the IP address of your JSA.

    For example:

    local3.* @192.16.10.10

    Note: JSA only parses logs with a severity level of info or higher.

  5. Restart the following services:

    service syslog restart

    service named restart

You can now configure the log source in JSA.
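The procedure only works if the facility set in named.conf matches a syslog rule that forwards to JSA, and if every category is routed to that channel. The following check is an added example, not part of the original documentation; the function names are hypothetical, and it assumes classic `selector action` syslog rules and a logging clause without nested braces inside channels.

```python
import re

REQUIRED = ("queries", "notify", "network", "client")  # categories from step 2
BELOW_INFO = {"debug", "dynamic"}        # can emit messages JSA does not parse
PASSES_INFO = {"*", "info", "debug"}     # syslog priorities that let info through

def forwarded_facilities(syslog_conf):
    """Facilities that a classic 'selector action' rule sends to @host."""
    facs = set()
    for line in syslog_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[1].startswith("@"):
            for selector in parts[0].split(";"):
                names, _, prio = selector.partition(".")
                if prio in PASSES_INFO:
                    facs.update(names.split(","))
    return facs

def check_bind_forwarding(named_conf, syslog_conf):
    """Return a list of problems; an empty list means the two files agree."""
    text = re.sub(r"/\*.*?\*/", "", named_conf, flags=re.S)  # strip /* */
    text = re.sub(r"(#|//).*", "", text)                      # strip # and //
    channels = {}  # channel name -> (syslog facility, severity)
    for name, body in re.findall(r"\bchannel\s+(\S+)\s*\{(.*?)\}", text, re.S):
        fac = re.search(r"\bsyslog\s+(\w+)\s*;", body)
        sev = re.search(r"\bseverity\s+(\w+)", body)
        if fac:  # a channel with no severity statement defaults to info
            channels[name] = (fac.group(1), sev.group(1) if sev else "info")
    routes = {cat: set(body.replace(";", " ").split()) for cat, body in
              re.findall(r"\bcategory\s+(\S+)\s*\{(.*?)\}", text, re.S)}
    remote = forwarded_facilities(syslog_conf)
    problems, used = [], set()
    for cat in REQUIRED:
        hits = {c for c in routes.get(cat, ()) if c in channels}
        used |= hits
        if not hits:
            problems.append(f"category {cat}: no syslog channel")
    for name in sorted(used):
        fac, sev = channels[name]
        if sev in BELOW_INFO:
            problems.append(f"channel {name}: severity {sev} is below info")
        if fac not in remote and "*" not in remote:
            problems.append(f"channel {name}: {fac} is not forwarded")
    return problems

# Constructed sample input, matching the example in this procedure.
NAMED = """logging { channel QRadar { syslog local3; severity info; };
  category queries { QRadar; }; category notify { QRadar; };
  category network { QRadar; }; category client { QRadar; }; };"""
print(check_bind_forwarding(NAMED, "local3.* @192.16.10.10"))
```

Run it against the contents of named.conf and the syslog configuration before restarting the services in step 5.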