Adding Logging Nodes
Use this page to configure logging nodes. You must deploy either Security Director Log Collector or Juniper Secure Analytics (JSA) as a log collector and then add it to Security Director to view the log data in the Dashboard, Events and Logs, Reports, and Alerts pages.
Before You Begin
Read the Logging and Reporting Overview topic.
Configure system log and security logging configuration from Devices > Security Devices > Modify Configuration. See Modifying the Configuration of Security Devices.
Review the Logging Management main page for an understanding of your current data set. See Logging Nodes Main Page Fields for field descriptions.
While adding SRX firewall as a log source in JSA or QRadar, set the log source type to Juniper Junos Platform and not Juniper SRX Series Services Gateway.
You must have the recent version of Juniper Junos Device Support Module (DSM) installed on JSA or QRadar.
For information on JSA, see Juniper Secure Analytics documentation.
To add Log Collector to Security Director:
- Select Administration > Logging Management > Logging Nodes.
- Click the + icon to add logging nodes. The Add Logging Node page appears.
- Choose the Log Collector type as Security Director
Log Collector or Juniper Secure Analytics.
Starting in Junos Space Security Director Release 16.2, the Log Collector type Juniper Secure Analytics is added.
- Click Next.
- Complete the configuration for Add Collector/JSA Node
according to the guidelines provided in Table 1.
From Junos Space Security Director Release 17.2, for distributed Log Collector deployment, you must add only Log Receiver node.
- Click Next.
The certificate details are displayed.
- Click Finish.
- Review the summary of configuration changes from the summary page and click Edit to modify the details, if required.
- Click OK to add the node.
A new logging node with your configurations is added. To verify if the node is configured correctly, click Logging Management > Logging Nodes to check the status of the node.
In Junos Space Security Director Release 16.2, the JSA node is added only via Security Director, so the JSA node is not displayed in Space > Administration > Fabric.
Table 1: Logging Node Settings
Enter a unique name for the node that is a string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 29 characters.
Enter an IPv4 or IPv6 address for the node.
Starting in Junos Space Security Director Release 18.2R1, IPv6 address is supported while adding JSA node.
User Name and Password
For Security Director Log Collector, provide the default credentials: Username is admin and Password is juniper123. You must change the default password using the Log Collector CLI configureNode.sh command as shown in Figure 1.
For JSA, provide the admin credentials that is used to log in to the JSA console.