Log Source Mapping
To monitor the trigger frequency of firewall rules and enable topology event searches, JSA Risk Manager identifies JSA log sources.
By understanding firewall rules you can maintain firewall efficiency and prevent security risks.
A maximum of 255 devices can be mapped to a log source in JSA Risk Manager, but devices can have multiple log sources.
Log Source Mapping Display Options
If you configured your network device as a JSA log source, the Configuration Monitor page displays one of the following entries in the Log Source column:
Auto-Mapped If JSA Risk Manager identifies and maps the log source to the device automatically.
Username If an administrator manually added or edited a log source.
Blank If JSA Risk Manager is unable to identify a log source for the device, the Log Source column shows no value. You can manually create a log source mapping.
For more information about configuring log sources, see the Log Sources Users Guide.
Creating or Editing a Log Source Mapping
If JSA Risk Manager cannot identify a log source in JSA, you can configure a log source mapping.
- Click the Risks tab.
- In the navigation pane, click Configuration Monitor.
- Click the device without a log source mapping.
- On the toolbar, click Action >Log Source Mapping >Create/Edit Log Source Mapping.
- In the Log Source Groups list, select a group.
- In the Log Sources list, select a log source and click (>).
- Click OK.