Adding Log Collector to Security Director
You must deploy either Security Director Log Collector or Juniper Secure Analytics (JSA) as a log collector and then add it to Security Director to view the log data in the Dashboard, Events and Logs, Reports, and Alerts pages.
Before You Begin
Deploy Security Director Log Collector or JSA as a Log Collector.
Configure system log and security logging for the devices managed by Junos Space Security Director from Devices > Security Devices > Modify Configuration.
While adding SRX firewall as a log source in JSA or QRadar, set the log source type to Juniper Junos Platform and not Juniper SRX Series Services Gateway.
You must have the recent version of Juniper Junos Device Support Module (DSM) installed on JSA or QRadar.
To add Log Collector to Security Director:
- From the Security Director user interface, select Administration > Logging Management > Logging
Nodes, and click the plus sign (+).
The Add Logging Node page appears.
- Choose the Log Collector type as Security Director Log Collector or Juniper Secure Analytics.
- Click Next.
- Complete the configuration for Add Collector/JSA Node.
From Junos Space Security Director Release 17.2, for distributed Log Collector deployment, you must add only Log Receiver node.
For Security Director Log Collector, provide the default credentials: Username is admin and Password is juniper123. You must change the default password using the Log Collector CLI configureNode.sh command as shown in Figure 1.
For JSA, provide the admin credentials that is used to log in to the JSA console.
- Click Next.
The certificate details are displayed.
- Click Finish.
- Review the summary of configuration changes from the summary page and click Edit to modify the details, if required.
- Click OK to add the node.
A new logging node with your configuration is added. To verify that the node is configured correctly, click Logging Management to check the status of the node.
To remove an existing Security Director Log Collector and add JSA as a Log Collector:
- Select Administration > Logging Management > Logging Nodes.
- Select the existing Security Director Log Collector and click the delete icon to delete Security Director Log Collector node.
- Click the + icon to add JSA as a Log Collector.
- Configure the SRX Series devices to stop sending logs to Security Director Log Collector, and ensure that logs are sent to the JSA node.