Add Security Director Insights as a Log Collector

 

To use the log collector functionality that comes along with the Security Director Insights installation, add the IP address of the Security Director Insights virtual machine (VM) as a log collector.

Note

After you upgrade to Log Collector 21.3, you can access historical logs from the legacy log collector (Log Collector 20.1) by switching between both log collectors. You can add both the legacy log collector node and the Security Director Insights VM on the Logging Nodes page in Security Director. We've added read-only log collector support to enable you to view existing data in the event viewer. For details, see Security Director Release Notes.

Before you add the log collector node in the GUI, you must set the administrator password. By default, the Security Director log collector is disabled. You must first enable it and then set the administrator password.

To enable the log collector and configure the administrator password:

  1. Go to the Security Director Insights CLI.

    # ssh admin@${security-director-insights_ip}

  2. Enter the application configuration mode.

    user:Core# applications

  3. Enable Security Director log collector.

    user:Core#(applications)# set log-collector enable on

  4. Configure the administrator password.

    user:Core#(applications)# set log-collector password

    Enter the new password for SD Log Collector access:

    Retype the new password:

    Successfully changed password for SD Log Collector database access

To add the Security Director Insights VM IP address as a log collector node:

  1. From the Security Director user interface, select Administration > Logging Management > Logging Nodes, and click the plus sign (+).

    The Add Logging Node page appears.

  2. Choose the Log Collector type as Security Director Log Collector.
  3. Click Next.

    The Add Collector Node page appears.

  4. In the Node Name field, enter a unique name for the log collector.
  5. In the IP Address field, enter the IP address of the Security Director Insights VM.

    The IP address used in the Deploy OVF Template page must be used in the Add Collector Node page, as shown in Figure 1 and Figure 2.

    Figure 1: Deploy OVF Template Page
    Figure 2: Add Logging Node Page
  6. In the User Name field, enter the username of the Security Director Insights VM.
  7. In the Password field, enter the password of the Security Director Insights VM.
  8. Click Next.

    The certificate details are displayed.

  9. Click Finish and then click OK to add the newly created Logging Node.

    Note

    Starting in Security Director Release 21.3R1 Hot Patch V1, you can add both the legacy log collector node and the Security Director Insights VM on the Logging Nodes page in Security Director. We've added read-only support for the legacy log collector so that you can view existing data in the event viewer. You cannot add log collector nodes of the same type on the Logging Nodes page.

  10. After you add Security Director Insights as a log collector, enable the following options in Junos Space:
    1. Log in to Junos Space.
    2. Select Administration > Applications.
    3. Right-click Log Director and select Modify Application Settings.
    4. Enable the following options:
      • Enable SDI Log Collector Query Format

      • Integrated Log Collector on Space Server

Performance Matrix

Table 1 shows the performance matrix for various events per second (eps) rates.

Table 1: Performance Matrix for EPS

CPU    Memory    EPS    CPU/Memory Reservation
4      16        5K     8.8 GHz / 16Gb
8      16        10K    17.6 GHz / 16Gb
24     80        25K    50 GHz / 80Gb

Note

CPU and memory values must be reserved according to the performance matrix to achieve the corresponding EPS.