Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Adding Forwarding Destinations

Before you can configure bulk or selective data forwarding, you must add forwarding destinations.

Normalized events that you forward can be interpreted only by other JSA systems.

  1. On the navigation menu (), click Admin.
  2. In the System Configuration section, click Forwarding Destinations.
  3. On the toolbar, click Add.
  4. In the Forwarding Destinations window, enter values for the parameters.

    The following table describes some of the Forwarding Destinations parameters.

    Table 1: Forwarding Destinations Parameters



    Event Format

    • Payload is the data in the format that the log source or flow source sent.

    • Payload is the data in the format that the log source sent.

    • Normalized is raw data that is parsed and prepared as readable information for the user interface.

    • JSON (Javascript Object Notation) is a data-interchange format.


      JSON data can only be transmitted using the TCP protocol.

    Destination Address

    The IP address or host name of the vendor system that you want to forward data to.


    Use the TCP protocol to send normalized data by using the TCP protocol. You must create an off-site source at the destination address on port 32004.

    Use the TCP over SSL protocol to send normalized data securely by using the TCP protocol with an SSL certificate. You must install an SSL certificate to establish communication to the destination. For information about installing SSL certificates “ Installing New SSL Certificate”.


    You cannot transmit normalized and JSON data by using the UDP protocol. If you select the Normalized or JSON options, the UDP option in the Protocol list is disabled.

    Prefix a syslog header if it is missing or invalid

    If a valid syslog header is not detected on the original syslog message and this check box is selected, the prefixed syslog header includes the originating IP address from the packet that JSA received in the Hostname field of the syslog header. If this check box is not selected, the data is sent unmodified.

    When JSA forwards syslog messages, the outbound message is verified to ensure that it has a valid syslog header.

  5. Click Save.

Setting up a forwarding destination does not automatically send data to that destination. You must configure either a routing rule or a custom rule to forward data to the destination.