Configuring BeyondTrust PowerBroker to Communicate with JSA
BeyondTrust pblogs must be reformatted by using a script and then forwarded to JSA. You need to download and configure a script for your BeyondTrust PowerBroker appliance before you can forward events to JSA.
- Download the following file from the https://support.juniper.net/support/downloads/.
- Copy the file to the device that hosts BeyondTrust PowerBroker.
Perl 5.8 must be installed on the device that hosts BeyondTrust PowerBroker.
- Type the following command to extract the file:
gzip -d pbforwarder.pl.gz
- Type the following command to set the script file permissions:
chmod +x pbforwarder.pl
- Use SSH to log in to the device that hosts BeyondTrust
The credentials that are used need to have read, write, and execute permissions for the log file.
- Type the appropriate command parameters:
Table 1: Command Parameters
The -h parameter defines the syslog host that receives the events from BeyondTrust PowerBroker. This is the IP address of your JSA Console or JSA Event Collector.
The -t parameter defines that the command-line is used to tail the log file and monitor for new output from the listener.
For PowerBroker, this command must be specified as "
pblog -l -t".
The -p parameter defines the TCP port to be used when forwarding events.
The -H parameter defines the host name or IP address for the syslog header of all sent events. This should be the IP address of the BeyondTrust PowerBroker.
The -r parameter defines the directory name where you want to create the process ID (.pid) file. The default is
This parameter is ignored if -D is specified.
The -I parameter defines the directory name where you want to create the lock file. The default is
The -D parameter defines that the script runs in the foreground.
The default setting is to run as a daemon and log all internal messages to the local syslog server.
The -f parameter defines the syslog facility and optionally, the severity for messages that are sent to the Event Collector.
If no value is specified,
The -a parameter enables an AIX compatible ps method.
This command is only needed when you run BeyondTrust PowerBroker on AIX systems.
The -d parameter enables debug logging.
The -v parameter displays the script version information.
- Type the following command to start the
pbforwarder.pl -h <IP address>-t"pblog -l -t"
Where <IP address> is the IP address of your JSA or Event Collector.
- Type the following command to stop the
kill -QUIT `cat /var/run/pbforwarder.pl.pid`
- Type the following command to reconnect the pbforwarder.pl
kill -HUP `cat /var/run/pbforwarder.pl.pid`
JSA automatically detects and creates a log source from the syslog events that are forwarded from a BeyondTrust PowerBroker.