Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Cisco CSA

You can integrate a Cisco Security Agent (CSA) server with JSA.

The Cisco CSA DSM accepts all events by using the syslog, SNMPv1 and SNMPv2 protocols. JSA records all configured Cisco CSA alerts.

Configuring Cisco CSA to send events to JSA

Configuration of your Cisco CSA server to forward events.

Take the following steps to configure your Cisco CSA server to forward events:

  1. Open the Cisco CSA user interface.

  2. Select Events >Alerts.

  3. Click New.

    The Configuration View window is displayed.

  4. Type in values for the following parameters:

    • Name Type a name that you want to assign to your configuration.

    • Description Type a description for the configuration. This step is not a requirement.

  5. From the Send Alerts, select the event set from the list to generate alerts.

  6. Select the SNMP check box.

  7. Type a Community name.

    The Community name that is entered in the CSA user interface must match the Community name that is configured on JSA. This option is only available for the SNMPv2 protocol.

  8. For the Manager IP address parameter, type the IP address of JSA.

  9. Click Save.

    You are now ready to configure the log source in JSA.

Syslog Log Source Parameters for Cisco CSA

If JSA does not automatically detect the log source, add a Cisco CSA log source on the JSA Console by using the syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect syslog events from Cisco CSA devices:

Table 1: Syslog Parameters for the Cisco CSA DSM

Parameter

Description

Log Source type

Cisco CSA

Protocol Configuration

Syslog

Log Source Identifier

Type the IP address or host name for the log source.

The identifier helps you determine which events came from your Cisco CSA device.

SNMPv1 log source parameters for Cisco CSA

If JSA does not automatically detect the log source, add a Cisco CSA log source on the JSA Console by using the SNMPv1 protocol.

When using the SNMPv1 protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect SNMPv1 events from Cisco CSA devices:

Table 2: SNMPv1 log source parameters for the Cisco CSA DSM

Parameter

Value

Log Source Name

Type a name for your log source.

Log Source type

Cisco CSA

Protocol Configuration

SNMPv1

Log Source Identifier

Type the IP address or host name for the log source.

The identifier helps you determine which events came from your Cisco CSA device.

Community

Type the SNMP community name required to access the system containing SNMP events. The default is Public.

Include OIDs in Event Payload

Clear the Include OIDs in Event Payload checkbox, if selected.

This options allows the SNMP event payload to be constructed using name-value pairs instead of the standard event payload format. Including OIDs in the event payload is required for processing SNMPv2 or SNMPv3 events from certain DSMs.

SNMPv2 log source parameters for Cisco CSA

If JSA does not automatically detect the log source, add a Cisco CSA log source on the JSA Console by using the SNMPv2 protocol.

When using the SNMPv2 protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect SNMPv2 events from Cisco CSA devices:

Table 3: SNMPv2 log source parameters for the Cisco CSA DSM

Parameter

Value

Log Source Name

Type a name for your log source.

Log Source type

Cisco CSA

Protocol Configuration

SNMPv2

Log Source Identifier

Type the IP address or host name for the log source.

The identifier helps you determine which events came from your Cisco CSA device.

Community

Type the SNMP community name required to access the system containing SNMP events. The default is Public.

Include OIDs in Event Payload

Clear the Include OIDs in Event Payload checkbox, if selected.

This options allows the SNMP event payload to be constructed using name-value pairs instead of the standard event payload format. Including OIDs in the event payload is required for processing SNMPv2 or SNMPv3 events from certain DSMs.

For more information about the SNMPv2 protocol, see SNMPv2 protocol configuration optionsSNMPv2 Protocol Configuration Options.