Add Security Director Insights as a Log Collector
To use the log collector functionality that comes along with the Security Director Insights installation, add the IP address of the Security Director Insights virtual machine (VM) as a log collector.
After you upgrade to Log Collector 21.3, you can access historical logs from the legacy log collector (Log Collector 20.1) by switching between both log collectors. You can add both the legacy log collector node and the Security Director Insights VM on the Logging Nodes page in Security Director. We've added read-only log collector support to enable you to view existing data in the event viewer. For details, see Security Director Release Notes.
Before you add the log collector node in the GUI, you must set the administrator password. By default, the Security Director log collector is disabled. You must first enable it and then set the administrator password.
To enable the log collector and configure the administrator password:
- Go to the Security Director Insights CLI.
# ssh admin@${security-director-insights_ip}
- Enter the application configuration mode.
user:Core# applications
- Enable Security Director log collector.
user:Core#(applications)# set log-collector enable on
- Configure the administrator password.
user:Core#(applications)# set log-collector password
Enter the new password for SD Log Collector access:
Retype the new password:
Successfully changed password for SD Log Collector database access
Table 1 below lists the required specifications for deploying Security Director Insights as a log collector for various events per second (eps) rates.
Table 1: Specifications
Setup (eps) | CPU | Memory |
---|---|---|
5k | 4 | 16 |
10k | 8 | 16 |
15k | 8 | 24 |
25k | 16 | 32 |
To add the Security Director Insights VM IP address as a log collector node:
- From the Security Director user interface, select Administration > Logging Management > Logging Nodes, and click the plus sign (+).
The Add Logging Node page appears.
- Choose the Log Collector type as Security Director Log Collector.
- Click Next.
The Add Collector Node page appears.
- In the Node Name field, enter a unique name for the log collector.
- In the IP Address field, enter the IP address of the Security Director Insights VM.
The IP address used in the Deploy OVF Template page must be used in the Add Collector Node page, as shown in Figure 1 and Figure 2.
- In the User Name field, enter the username of the Security Director Insights VM.
- In the Password field, enter the password of the Security Director Insights VM.
- Click Next.
The certificate details are displayed.
- Click Finish and then click OK to add the newly created Logging Node.
- After you add Security Director Insights as a log collector, enable the following options in Junos Space:
  - Log in to Junos Space.
  - Select Administration > Applications.
  - Right-click Log Director and select Modify Application Settings.
  - Enable the following options:
    - Enable SDI Log Collector Query Format
    - Integrated Log Collector on Space Server
The log collector in Security Director Insights supports 25K events per second (eps).
Disable the raw log:
user:Core#(applications)# set log-collector raw-log off
Make sure that the SRX Series device configuration points to the corresponding SDI log collector.