You can integrate a Cisco Security Agent (CSA) server with JSA.
The Cisco CSA DSM accepts events by using syslog, SNMPv1, and SNMPv2. JSA records all configured Cisco CSA alerts.
Configuring Syslog for Cisco CSA
Configuration of your Cisco CSA server to forward events.
Take the following steps to configure your Cisco CSA server to forward events:
- Open the Cisco CSA user interface.
- Select Events >Alerts.
- Click New.
The Configuration View window is displayed.
- Type in values for the following parameters:
Name Type a name that you want to assign to your configuration.
Description Type a description for the configuration. This step is not a requirement.
- From the Send Alerts, select the event set from the list to generate alerts.
- Select the SNMP check box.
- Type a Community name.
The Community name that is entered in the CSA user interface must match the Community name that is configured on JSA. This option is only available for the SNMPv2 protocol.
- For the Manager IP address parameter, type the IP address of JSA.
- Click Save.
You are now ready to configure the log source in JSA.
Syslog Log Source Parameters for Cisco CSA
If JSA does not automatically detect the log source, add a Cisco CSA log source on the JSA Console by using the syslog protocol.
When using the syslog protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect syslog events from Cisco CSA devices:
Table 1: Syslog Parameters for the Cisco CSA DSM
Log Source type
Log Source Identifier
Type the IP address or host name for the log source.
The identifier helps you determine which events came from your Cisco CSA device.