Configuring BeyondTrust PowerBroker to Communicate with JSA
BeyondTrust pblogs must be reformatted by using a script and then forwarded to JSA. You need to download and configure a script for your BeyondTrust PowerBroker appliance before you can forward events to JSA.
- Download the following file from https://support.juniper.net/support/downloads/:
pbforwarder.pl.gz
- Copy the file to the device that hosts BeyondTrust PowerBroker.
Note: Perl 5.8 must be installed on the device that hosts BeyondTrust PowerBroker.
- Type the following command to extract the file:
gzip -d pbforwarder.pl.gz
- Type the following command to set the script file permissions:
chmod +x pbforwarder.pl
- Use SSH to log in to the device that hosts BeyondTrust PowerBroker.
The credentials that are used need to have read, write, and execute permissions for the log file.
- Type the appropriate command parameters:
Table 1: Command Parameters
| Parameter | Description |
|---|---|
| -h | The -h parameter defines the syslog host that receives the events from BeyondTrust PowerBroker. This is the IP address of your JSA Console or JSA Event Collector. |
| -t | The -t parameter defines the command line that is used to tail the log file and monitor for new output from the listener. For PowerBroker, this command must be specified as "pblog -l -t". |
| -p | The -p parameter defines the TCP port to be used when forwarding events. |
| -H | The -H parameter defines the host name or IP address for the syslog header of all sent events. This should be the IP address of the BeyondTrust PowerBroker. |
| -r | The -r parameter defines the directory name where you want to create the process ID (.pid) file. The default is /var/run. This parameter is ignored if -D is specified. |
| -I | The -I parameter defines the directory name where you want to create the lock file. The default is /var/lock. |
| -D | The -D parameter defines that the script runs in the foreground. The default setting is to run as a daemon and log all internal messages to the local syslog server. |
| -f | The -f parameter defines the syslog facility and, optionally, the severity for messages that are sent to the Event Collector. If no value is specified, user.info is used. |
| -a | The -a parameter enables an AIX-compatible ps method. This parameter is only needed when you run BeyondTrust PowerBroker on AIX systems. |
| -d | The -d parameter enables debug logging. |
| -v | The -v parameter displays the script version information. |
- Type the following command to start the pbforwarder.pl script:
pbforwarder.pl -h <IP address> -t "pblog -l -t"
Where <IP address> is the IP address of your JSA or Event Collector.
- Type the following command to stop the pbforwarder.pl script:
kill -QUIT `cat /var/run/pbforwarder.pl.pid`
- Type the following command to reconnect the pbforwarder.pl script:
kill -HUP `cat /var/run/pbforwarder.pl.pid`
JSA automatically detects and creates a log source from the syslog events that are forwarded from a BeyondTrust PowerBroker.
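The stop and reconnect commands above signal whatever process ID is stored in the PID file, so a stale file can cause the signal to reach an unrelated process. The following added example (not part of pbforwarder.pl or the Juniper procedure) verifies the PID before signalling; the function names and return codes are assumptions made for illustration, and the PID file path must be passed explicitly if -r was used.

```sh
#!/bin/sh
# Added example, not part of pbforwarder.pl or the vendor procedure.
# Default PID file: the -r default directory (/var/run) from Table 1.
PIDFILE_DEFAULT=/var/run/pbforwarder.pl.pid

# forwarder_pid [PIDFILE]
# Prints the PID only if the file holds a number, that process is alive,
# and its command line mentions pbforwarder.pl.
# Returns 1 (no file), 2 (not a number), 3 (stale PID), 4 (other process).
forwarder_pid() {
    pidfile=${1:-$PIDFILE_DEFAULT}
    [ -r "$pidfile" ] || { echo "no PID file: $pidfile" >&2; return 1; }
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|*[!0-9]*) echo "PID file does not hold a number" >&2; return 2 ;;
    esac
    args=$(ps -p "$pid" -o args= 2>/dev/null) && [ -n "$args" ] || {
        echo "stale PID file: no process $pid" >&2; return 3; }
    case $args in
        *pbforwarder.pl*) printf '%s\n' "$pid" ;;
        *) echo "PID $pid is not pbforwarder.pl: $args" >&2; return 4 ;;
    esac
}

# forwarder_signal stop|reconnect [PIDFILE]
# stop sends QUIT and reconnect sends HUP, the signals used in the steps above.
forwarder_signal() {
    case $1 in
        stop)      sig=QUIT ;;
        reconnect) sig=HUP ;;
        *) echo "usage: forwarder_signal stop|reconnect [pidfile]" >&2; return 64 ;;
    esac
    pid=$(forwarder_pid "$2") || return $?
    kill -s "$sig" "$pid"
}
```

Source the file and run `forwarder_signal stop` or `forwarder_signal reconnect`; a non-zero return means no signal was sent.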