
Introduction to Log Source Management

 

You can configure JSA to accept event logs from log sources that are on your network. A log source is a data source that creates an event log.

For example, a firewall or intrusion protection system (IPS) logs security-based events, and switches or routers log network-based events.

To receive raw events from log sources, JSA supports many protocols. Passive protocols listen for events on specific ports. Active protocols use APIs or other communication methods to connect to external systems, then poll for and retrieve events.

Depending on your license limits, JSA can read and interpret events from more than 300 log sources.

To configure a log source for JSA, you must do the following tasks:

  1. Download and install a DSM that supports the log source. A DSM is a software application that contains the event patterns required to identify events and parse them from the original format of the event log into the format that JSA can use.

  2. If automatic discovery is supported for the DSM, wait for JSA to automatically add the log source to your list of configured log sources.

  3. If automatic discovery is not supported for the DSM, manually create the log source configuration.