Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey? SF-Sherlock

The JSA DSM for SF-Sherlock collects logs from your SF-Sherlock servers.

The following table describes the specifications for the SF-Sherlock DSM:

Table 1: SF-Sherlock DSM Specifications




DSM name SF-Sherlock

RPM file name


Supported versions

v8.1 and later

Event format

Log Event Extended Format (LEEF)

Recorded event types

All_Checks, DB2_Security_Configuration, JES_Configuration, Job_Entry_System_Attack, Network_Parameter, Network_Security, No_Policy, Resource_Access_Viol, Resource_Allocation, Resource_Protection, Running_System_Change, Running_System_Security, Running_System_Status, Security_Dbase_Scan, Security_Dbase_Specialty, Security_Dbase_Status, Security_Parm_Change, Security_System_Attack, Security_System_Software, Security_System_Status, SF-Sherlock, Sherlock_Diverse, Sherlock_Diverse, Sherlock_Information, Sherlock_Specialties, Storage_Management, Subsystem_Scan, Sysplex_Security, Sysplex_Status, System_Catalog, System_File_Change, System_File_Security, System_File_Specialty, System_Log_Monitoring, System_Module_Security, System_Process_Security, System_Residence, System_Tampering, System_Volumes, TSO_Status, UNIX_OMVS_Security, UNIX_OMVS_System, User_Defined_Monitoring, xx_Resource_Prot_Templ

Automatically discovered?


Includes identity?


Includes custom properties?


More information

Enterprise-IT-Security website (http:/

To integrate SF-Sherlock with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the Juniper Downloads onto your JSA console:

    • SF-Sherlock DSM RPM

    • DSM Common RPM

  2. Configure your SF-Sherlock device to send syslog events to JSA.

  3. If JSA does not automatically detect the log source, add a SF-Sherlock log source on the JSA Console. The following table describes the parameters that require specific values for SF-Sherlock event collection:

    Table 2: SF-Sherlock Log Source Parameters



    Log Source type SF-Sherlock

    Protocol Configuration