Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

IBM Federated Directory Server

 

The JSA DSM collects events from IBM Federated Directory Server systems.

The following table identifies the specifications for the IBM Federated Directory Server DSM:

Table 1: IBM Federated Directory Server DSM Specifications

Specification

Value

Manufacturer

IBM

DSM name

IBM Federated Directory Server

RPM file name

DSM-IBMFederated DirectoryServer-JSA_version-build_number.noarch.rpm

Supported versions

V7.2.0.2 and later

Event format

LEEF

Recorded event types

FDS Audit

Automatically discovered?

Yes

Includes identity?

No

Includes custom properties?

No

More information

IBM website

To send events from IBM Federated Directory Server to JSA, complete the following steps:

  1. If automatic updates are not enabled, download the most recent version of the following RPMs on your JSA console:

    • DSMCommon RPM

    • IBM Federated Directory Server DSM RPM

  2. Configure JSA monitoring on your IBM Federated Directory Server device.

  3. If JSA does not automatically detect the log source, add an IBM Federated Directory Server log source on the JSA Console. The following table describes the parameters that require specific values for IBM Federated Directory Server event collection:

    Table 2: IBM Federated Directory Serve Log Source Parameters

    Parameter

    Value

    Log Source type

    IBM Federated Directory Server

    Protocol Configuration

    Syslog

    Log Source Identifier

    The source IP or host name of the IBM Federated Directory Server.

Configuring IBM Federated Directory Server to Monitor Security Events

Configure IBM Federated Directory Server to monitor security events, which are generated when an entry is added, modified, or deleted in the target

  1. Log in to your IBM Federated Directory Server.
  2. In the navigation pane, under Common Settings, click Monitoring.
  3. On the Monitoring page, click the JSA tab.
  4. To indicate that you want to monitor security events, on the JSA page, select Enabled .
  5. Configure the parameters
  6. In the Map file field, specify the path and file name of the map file that configures the various JSA LEEF attributes for the event.
  7. Click Select to browse for the map file. The default value points to the LDAPSync/QRadar.map file.
  8. In the Date format mask field, specify a standard Java SimpleDateFormat mask to use for date values that are written in mapped LEEF attributes.

    This value controls both the value of the devTimeFormat attribute and the formatting of date values in the event. The default value is the ISO 8601 standard mask, MMM dd yy HH:mm:ss, which creates a string, Oct 16 12 15:15:57.

Related Documentation