Adding a Log Source
If a log source is not automatically discovered, you can manually add a log source to receive events from your network devices or appliances.
If you are using JSA 7.3.1 to 7.3.3, you can also add a log source by using the Adding a Log Source by using the Log Sources Icon.
Ensure that the JSA Log Source Management app is installed on your JSA Console. For more information about installing the app, see Installing the JSA Log Source Management app.
- Log in to JSA.
- Click the Admin tab.
- To open the app, click the JSA Log Source Management app icon.
- Click New Log Source > Single Log Source.
- On the Select a Log Source Type page, select a log source type and click Select Protocol Type.
- On the Select a Protocol Type page, select a protocol and click Configure Log Source Parameters.
- On the Configure the Log Source parameters page,
configure the log source parameters and click Configure Protocol
The following table describes the common log source parameters for all log source types:
Table 1: Common Log Source Parameters
Log Source Identifier
The IPv4 address or host name that identifies the log source.
If your network contains multiple devices that are attached to a single management console, specify the IP address of the individual device that created the event. A unique identifier for each, such as an IP address, prevents event searches from identifying the management console as the source for all of the events.
When this option is not enabled, the log source does not collect events and the log source is not counted in the license limit.
Credibility is a representation of the integrity or validity of events that are created by a log source. The credibility value that is assigned to a log source can increase or decrease based on incoming events or adjusted as a response to user-created event rules. The credibility of events from log sources contributes to the calculation of the offense magnitude and can increase or decrease the magnitude value of an offense.
Target Event Collector
Specifies the JSA Event Collector that polls the remote log source.
Use this parameter in a distributed deployment to improve Console system performance by moving the polling task to an Event Collector.
Increases the event count when the same event occurs multiple times within a short time interval. Coalesced events provide a way to view and determine the frequency with which a single event type occurs on the Log Activity tab.
When this check box is clear, events are viewed individually and events are not bundled.
New and automatically discovered log sources inherit the value of this check box from the System Settings configuration on the Admin tab. You can use this check box to override the default behavior of the system settings for an individual log source.
- On the Configure the protocol parameters page,
configure the protocol-specific parameters.
If your configuration can be tested, click Test Protocol Parameters.
If your configuration cannot be tested, click Finish.
- In the Test protocol parameters window, click Start Test.
- To fix any errors, click Configure Protocol Parameters. Configure the parameters and click Test Protocol Parameters.
- Click Finish.