When configuring a log source, the set of available protocol type options is limited based on the selected log source type. Not all log source types support all protocol types. The DSM Configuration Guide describes how to configure log sources of a particular type, with each of the protocol types that Juniper fully supports for that log source type. Any protocol type that has configuration documentation for a particular log source type is considered a "documented" protocol for that log source type. By default, only these documented protocols are displayed in the Protocol Configuration list in the Log Sources window.
As an open platform, JSA collects and processes event data through other integration methods (protocol types). Some protocol types can be configured for a particular log source type but are marked as "undocumented". However, the DSM Configuration Guide doesn't contain instructions on how to set up event collection for undocumented protocols. JSA does not offer support with the configuration of log sources that use undocumented protocols because they are not internally tested and documented. Users are responsible for determining how to get the event data into JSA.
For example, the JDBC protocol is the documented configuration for obtaining events from a system that stores its event data in a database. However, it is possible to collect the same event data through a third-party product and then forward it to JSA through Syslog. Configure the log source to use the undocumented protocol type "Syslog". JSA accepts the events and routes them to the appropriate log source.
You must configure the third-party product to retrieve the event data from the database and to send this data to JSA through Syslog because this is not the documented collection method.
Collecting and processing event data through undocumented protocols might result in data that is formatted differently from what a documented DSM log source type expects. As a result, parsing might not work for the DSM if it’s receiving events from an undocumented protocol. For example, a JDBC protocol creates event payloads that consist of a series of space-separated key and value pairs. In the target database table, the key is a column name and the value is the column for the table row that the event represents. The DSM for a supported log source type that uses the JDBC protocol expects this event format. If the event data forwarded from a third-party product through the syslog protocol is in a different format, the DSM is unable to parse it. It might be necessary to use the DSM Editor to adjust the parsing of a DSM so that it can handle these events.
Configuring an Undocumented Protocol
As an open platform, JSA collects and processes event data through multiple integration methods (protocol types). Some protocol types can be configured for a particular log source type but are marked as "undocumented". The DSM Configuration Guide doesn't contain instructions on how to set up event collection for undocumented protocols. Juniper does not offer support with the configuration of log sources that use undocumented protocols because they are not internally tested and documented.
- Use SSH to log in to your JSA Console appliance as a root user.
- Edit the following file:
- Set the EXPOSE_UNDOCUMENTED_PROTOCOLS property value to true.
- Save the file.
- To close the SSH session type exit.
- Log in to the JSA Console.
- Click the Admin tab.
- Click Deploy Changes.
Undocumented protocol options appear in the Protocol Configuration list in the log source Add/Edit window.