Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring a Log Source for Raz-Lee ISecurity

 

JSA automatically discovers and creates a log source for Syslog LEEF events that are forwarded from Raz-Lee iSecurity. If the log source isn't automatically discovered, you can manually create it.

  1. Click the Admin tab.
  2. Click the Log Sources icon.
  3. Click Add.
  4. In the Log Source Name field, type a name for your log source.
  5. In the Log Source Description field, type a description for the log source.
  6. From the Log Source Type list, select IBM AS/400 iSeries.
  7. From the Protocol Configuration list, select Syslog.
  8. Configure the syslog protocol values.

    Table 1: Syslog Protocol Parameters

    Parameter

    Description

    Log Source Identifier

    The IP address or host name of the log source that sends events from the Raz-Lee iSecurity device.

    Enabled

    By default, the check box is selected.

    Credibility

    The Credibility of the log source. The range is 0 - 10.

    The credibility indicates the integrity of an event or offense as determined by the credibility rating from the source devices. Credibility increases if multiple sources report the same event. The default is 5.

    Coalescing Events

    By default, automatically discovered log sources inherit the value of the Coalescing Events list from the System Settings in JSA. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source.

    Incoming Payload Encoding

    Select Incoming Payload Encoder for parsing and storing the logs.

    Store Event Payload

    By default, automatically discovered log sources inherit the value of the Store Event Payload list from the System Settings in JSA. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source.

  9. Click Save.
  10. On the Admin tab, click Deploy Changes.