Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Event and Flow Data Redundancy

 

Send the same events and flows to separate data centers or geographically separate sites and enable data redundancy by using a load balancer or other method to deliver the same data to mirrored appliances.

The following information is provided only for general guidance and is not intended or designed as a how-to guide.

Configure the distribution of log and flow sources for data redundancy:

  • Send log source data to the Event Processor on the second site.

  • Send flow source data to the Flow Processor on the second site.

    For more information about configuring log sources, see the Configuring DSMs Guide.

    For more information about flow sources, see the Juniper Secure Analytics Administration Guide.

Figure 1: Sending Events and Flows to Two Sites
Sending Events and Flows to Two
Sites
  • Configure JSA to receive events--JSA automatically discovers many log sources that send syslog messages in your deployment. Log sources that are automatically discovered by JSA appear in the Log Sources window.

    You configure the automatic discovery of log sources for each Event Collector by using the Autodetection Enabled setting in the Event Collector configuration. If you want to keep the log source event IDs synchronized with the primary Event Collector, you disable the Autodetection setting. In this situation, use the content management tool to synchronize the log source configuration or restore a configuration backup to the site.

    For more information about auto discovered log sources and configurations specific to your device or appliance, see the Configuring DSMs Guide.

  • Configure JSA to receive flows--To enable data redundancy for flows, you need to send NetFlow, J-Flow, and sFlow to both sites for Flow collection.

    You can collect flows from a SPAN or tap and then send packets to your backup location, or you mirror the SPAN or tap in the backup location by using external technologies. A load balancer splits flows such as NetFlow, J-Flow, and sFlow but it can't split Flow.

    For more information about flow sources, see the Juniper Secure Analytics Administration Guide.

  • Use the Content Management Tool (CMT)--If you want to ensure that the primary JSA console from site 1 and the secondary JSA console from site 2 have identical configurations, use the content management tool to update site 2 with the configurations from site 1.

    For more information about using the content management tool, see the Juniper Secure Analytics Administration Guide.