IBM Security Network Security (XGS)
The IBM Security Network Security (XGS) DSM accepts events by using the Log Enhanced Event Protocol (LEEF), which enables JSA to record all relevant events.
The following table identifies the specifications for the IBM Security Network Security (XGS) DSM:
Table 1: IBM Security Network Security (XGS) Specifications
Specification | Value |
---|---|
Manufacturer | IBM |
DSM | Security Network Security (XGS) |
RPM file name | |
Supported versions | v5.0 with fixpack 7 to v5.4 |
Protocol | syslog (LEEF) |
JSA recorded events | All relevant system, access, and security events |
Automatically discovered | Yes |
Includes identity | No |
More information |
Before you configure an IBM Security Network Security (XGS) appliance in JSA, you must configure remote syslog alerts for your IBM Security Network Security (XGS) rules or policies to forward events to JSA.
Configuring IBM Security Network Security (XGS) Alerts
All event types are sent to JSA by using a remote syslog alert object that is LEEF enabled.
Remote syslog alert objects can be created, edited, and deleted from each context in which an event is generated. Log in to the IBM Security Network Security (XGS) local management interface as admin to configure a remote syslog alert object, and go to one of the following menus:
- Manage > System Settings > System Alerts (System events)
- Secure > Network Access Policy (Access events)
- Secure > IPS Event Filter Policy (Security events)
- Secure > Intrusion Prevention Policy (Security events)
- Secure > Network Access Policy > Inspection > Intrusion Prevention Policy
In the IPS Objects, the Network Objects pane, or the System Alerts page, complete the following steps.
- Click New > Alert > Remote Syslog.
- Select an existing remote syslog alert object, and then click Edit.
- Configure the following options:
Table 2: Syslog Configuration Parameters
Option | Description |
---|---|
Name | Type a name for the syslog alert configuration. |
Remote Syslog Collector | Type the IP address of your JSA console or Event Collector. |
Remote Syslog Collector Port | Type 514 for the Remote Syslog Collector Port. |
Remote LEEF Enabled | Select this check box to enable LEEF formatted events. This is a required field. If you do not see this option, verify that you have software version 5.0 and fixpack 7 installed on your IBM Security Network Security appliance. |
Comment | Typing a comment for the syslog configuration is optional. |
- Click Save Configuration.
The alert is added to the Available Objects list.
- To update your IBM Security Network Security (XGS) appliance, click Deploy.
- Add the LEEF alert object for JSA to the following locations:
  - One or more rules in a policy
  - Added Objects pane on the System Alerts page
- Click Deploy.
For more information about the IBM Security Network Security (XGS) device, click Help in the IBM Security Network Security (XGS) local management interface browser client window or access the online IBM Security Network Security (XGS) documentation.
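To confirm that the Remote LEEF Enabled option took effect, you can inspect syslog lines captured at the collector. The following Python check is an added example, not part of the product documentation. It assumes the LEEF 1.0 header layout (LEEF:1.0|Vendor|Product|Version|EventID| followed by tab-separated key=value attributes); the sample lines, host name, vendor and product strings, and attribute values are constructed.

```python
import re

# Assumption: LEEF 1.0 header, then tab-separated key=value attributes.
LEEF_RE = re.compile(
    r"LEEF:(?P<leef_version>1\.0)\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)"
    r"\|(?P<version>[^|]*)\|(?P<event_id>[^|]*)\|(?P<attrs>.*)$"
)
PRI_RE = re.compile(r"^<(\d{1,3})>")  # syslog priority prefix, e.g. <134>


def parse_leef_syslog(line):
    """Return a dict for a LEEF 1.0 syslog line, or None if no LEEF header is present."""
    m = LEEF_RE.search(line)
    if m is None:
        return None
    event = m.groupdict()
    pri = PRI_RE.match(line)
    if pri:
        # PRI = facility * 8 + severity
        event["facility"], event["severity"] = divmod(int(pri.group(1)), 8)
    attrs = {}
    for pair in event.pop("attrs").split("\t"):
        key, sep, val = pair.partition("=")
        if sep and key:
            attrs[key.strip()] = val.strip()
    event["attrs"] = attrs
    return event


def check_capture(lines):
    """Split captured lines into parsed LEEF events and lines that lack a LEEF header."""
    leef, plain = [], []
    for line in lines:
        line = line.rstrip("\r\n")
        event = parse_leef_syslog(line)
        (leef if event else plain).append(event or line)
    return leef, plain


# Constructed sample lines (not real appliance output).
SAMPLE = [
    "<134>Jan 10 12:00:01 xgs-example LEEF:1.0|ExampleVendor|ExampleProduct|5.4"
    "|example_event|src=192.0.2.10\tdst=198.51.100.20\tdstPort=443\tsev=5",
    "<134>Jan 10 12:00:02 xgs-example alert forwarded without LEEF formatting",
]

if __name__ == "__main__":
    leef, plain = check_capture(SAMPLE)
    print(f"{len(leef)} LEEF event(s), {len(plain)} line(s) without a LEEF header")
```

Lines reported without a LEEF header indicate an alert object that was saved without Remote LEEF Enabled selected, or one that was not deployed.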
Configuring a Log Source in JSA
JSA automatically discovers and creates a log source for LEEF-enabled syslog events from IBM Security Network Security (XGS). The following configuration steps are optional.
- Click the Admin tab.
- Click the Log Sources icon.
- Click Add.
- In the Log Source Name field, type a name for your log source.
- From the Log Source Type list, select IBM Security Network Security (XGS).
- Using the Protocol Configuration list, select Syslog.
- Configure the following values:
Table 3: Syslog Parameters
Parameter | Description |
---|---|
Log Source Identifier | Type the IP address or host name for the log source as an identifier for events from your IBM Security Network Security (XGS). |
- Click Save.
- On the Admin tab, click Deploy Changes.