Cisco ACE Firewall
The Cisco ACE firewall can be integrated with JSA.
JSA can accept events that are forwarded from Cisco ACE Firewalls by using syslog. JSA records all relevant events. Before you configure JSA to integrate with an ACE firewall, you must configure your Cisco ACE Firewall to forward all device logs to JSA.
Configuring Cisco ACE Firewall
To forward Cisco ACE device logs to JSA:
- Log in to your Cisco ACE device.
- From the Shell Interface, select Main Menu >Advanced Options >Syslog Configuration.
- The Syslog Configuration menu varies depending on whether there are any syslog destination hosts configured yet. If no syslog destinations are configured, create one by selecting the Add First Server option. Click OK.
- Type the host name or IP address of the destination host
and port in the First Syslog Server field. Click OK.
The system restarts with new settings. When finished, the Syslog server window displays the host that is configured.
- Click OK.
The Syslog Configuration menu is displayed. Notice that options for editing the server configuration, removing the server, or adding a second server are now available.
- If you want to add another server, click Add Second
At any time, click the View Syslog options to view existing server configurations.
- To return to the Advanced menu, click Return.
The configuration is complete. The log source is added to JSA as Cisco ACE Firewall events are automatically discovered. Events that are forwarded to JSA by Cisco ACE Firewall appliances are displayed on the Log Activity tab of JSA.
Configuring a Log Source
JSA automatically discovers and creates a log source for syslog events from Cisco ACE Firewalls.
The following configuration steps are optional. You can manually create a log source for JSA to receive syslog events.
To manually configure a log source for Cisco ACE Firewall:
- Log in to JSA.
- Click the Admin tab.
- On the navigation menu, click Data Sources.
The Data Sources pane is displayed.
- Click the Log Sources icon.
The Log Sources window is displayed.
- Click Add.
The Add a log source window is displayed.
- In the Log Source Name field, type a name for your log source.
- In the Log Source Description field, type a description for the log source.
- From the Log Source Type list, select Cisco ACE Firewall.
- From the Protocol Configuration list, select Syslog.
The syslog protocol configuration is displayed.
- Configure the following values:
Table 1: Syslog Parameters
Log Source Identifier
Type the IP address or host name for the log source as an identifier for events from your Cisco ACE Firewalls.
- Click Save.
- On the Admin tab, click Deploy Changes.
The configuration is complete.