Juniper Networks Network and Security Manager

 

The Juniper Networks Network and Security Manager (NSM) DSM for JSA accepts Juniper Networks NSM and Juniper Networks Secure Service Gateway (SSG) logs. All Juniper SSG logs must be forwarded through Juniper NSM to JSA. Logs from all other Juniper devices can be forwarded directly to JSA.

For more information on advanced filtering of Juniper Networks NSM logs, see your Juniper Networks vendor documentation.

To integrate a Juniper Networks NSM device with JSA, you must complete the following tasks:

Configuring Juniper Networks NSM to Export Logs to Syslog

Juniper Networks NSM uses the syslog server to export qualified log entries to syslog.

Configuring the syslog settings for the management system defines only the syslog settings for the management system. It does not export logs from the individual devices. You can enable the management system to export logs to syslog.

  1. Log in to the Juniper Networks NSM user interface.
  2. From the Action Manager menu, select Action Parameters.
  3. Type the IP address for the syslog server to which you want to send qualified logs.
  4. Type the syslog server facility for the syslog server to which you want to send qualified logs.
  5. From the Device Log Action Criteria node, select the Actions tab.
  6. Select Syslog Enable for Category, Severity, and Action.

    You are now ready to configure the log source in JSA.

Juniper NSM Log Source Parameters for Juniper Networks Network and Security Manager

If JSA does not automatically detect the log source, add a Juniper Networks Network and Security Manager log source on the JSA Console by using the Juniper NSM protocol.

When using the Juniper NSM protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Juniper NSM events from Juniper Networks Network and Security Manager:

Table 1: Juniper NSM log source parameters for the Juniper Networks Network and Security Manager DSM

| Parameter | Value |
| --- | --- |
| Log Source type | Juniper Networks Network and Security Manager |
| Protocol Configuration | Juniper NSM |
| Log Source Identifier | Type the IP address or host name for the log source. The Log Source Identifier must be unique for the log source type. |
| IP | Type the IP address or host name of the Juniper Networks NSM server. |
| Inbound Port | Type the Inbound Port to which the Juniper Networks NSM sends communications. The valid range is 0 - 65536. The default is 514. |
| Redirection Listen Port | Type the port to which traffic is forwarded. The valid range is 0 - 65,536. The default is 516. |
| Use NSM Address for Log Source | Select this check box to use the Juniper NSM management server IP address instead of the log source IP address. By default, the check box is selected. |

Note

In the JSA interface, the Juniper NSM protocol configuration provides the option to use the Juniper Networks NSM IP address by selecting the Use NSM Address for Log Source check box. If you wish to change the configuration to use the originating IP address (clear the check box), you must log in to your JSA console, as a root user, and restart the Console (for an all-in-one system) or the Event Collector hosting the log sources (in a distributed environment) by using the shutdown -r now command.