ON THIS PAGE
The Radware DefensePro DSM for JSA accepts events by using syslog. Event traps can also be mirrored to a syslog server.
Before you configure JSA to integrate with a Radware DefensePro device, you must configure your Radware DefensePro device to forward syslog events to JSA. You must configure the appropriate information by using the Device > Trap and SMTP option.
Any traps that are generated by the Radware device are mirrored to the specified syslog server. The current Radware Syslog server gives you the option to define the status and the event log server address.
You can also define more notification criteria, such as Facility and Severity, which are expressed by numerical values:
Facility is a user-defined value that indicates the type of device that is used by the sender. This criteria is applied when the device sends syslog messages. The default value is 21, meaning Local Use 6.
Severity indicates the importance or impact of the reported event. The Severity is determined dynamically by the device for each message sent.
In the Security Settings window, you must enable security reporting by using the connect and protect/security settings. You must enable security reports to syslog and configure the severity (syslog risk).
You are now ready to configure the log source in JSA.
Configuring a Log Source
JSA automatically discovers and creates a log source for syslog events from Radware DefensePro. The following configuration steps are optional.
To manually configure a log source for Radware DefensePro:
- Log in to JSA.
- Click the Admin tab.
- On the navigation menu, click Data Sources.
The Data Sources pane is displayed.
- Click the Log Sources icon.
The Log Sources window is displayed.
- Click Add.
The Add a log source window is displayed.
- In the Log Source Name field, type a name for your log source.
- In the Log Source Description field, type a description for the log source.
- From the Log Source Type list, select Radware DefensePro.
- Using the Protocol Configuration list, select Syslog.
The syslog protocol configuration is displayed.
- Configure the following values:
Table 1: Syslog Parameters
Log Source Identifier
Type the IP address or host name for the log source as an identifier for events from your Radware DefensePro installation.
- Click Save.
- On the Admin tab, click Deploy Changes.
The configuration is complete.