Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring Cloudera Navigator to Communicate with JSA

 

You can configure Cloudera Navigator device to send JSON format syslog events to JSA.

Ensure that Cloudera Navigator can access port 514 on the JSA system.

When you install Cloudera Navigator, all audit logs are collected automatically. However, you must configure Cloudera Navigator to send audits logs to JSA by using syslog.

  1. Do one of the following tasks:
    • Click Clusters >Cloudera Management Service >Cloudera Management Service.

    • On the Status tab of the Home page, click the Cloudera Management Service link in Cloudera Management Service table.

  2. Click the Configuration tab.
  3. Search for Navigator Audit Server Logging Advanced Configuration Snippet.
  4. Depending on the format type, enter one of the following values in the Value field:
    • log4j.logger.auditStream = TRACE,SYSLOG

    • log4j.appender.SYSLOG = org.apache.log4j.net.SyslogAppender

    • log4j.appender.SYSLOG.SyslogHost = <QRadar Hostname>

    • log4j.appender.SYSLOG.Facility = Local2

    • log4j.appender.SYSLOG.FacilityPrinting = true

    • log4j.additivity.auditStream = false

  5. Click Save Changes.