Configuring Cilasoft QJRN/400

To collect events, you must configure queries on your Cilasoft QJRN/400 to forward syslog events to JSA.

  1. To start the Cilasoft Security Suite, type the following command:

    IJRN/QJRN

    The account that is used to make configuration changes must have ADM privileges or USR privileges with access to specific queries through an Extended Access parameter.

  2. To configure the output type, select one of the following options:

    - To edit several selected queries, type 2EV to access the Execution Environment, and then set the Output Type field to SEM.
    - To edit large numbers of queries, type the command CHGQJQRYA, and then set the Output Type field to SEM.

  3. On the Additional Parameters screen, configure the following parameters:
    Table 1: Cilasoft QJRN/400 Output Parameters

    | Parameter | Description |
    |---|---|
    | Format | Type *LEEF to configure the syslog output to write events in Log Extended Event Format (LEEF). LEEF is a special event format that is designed for JSA. |
    | Output | Use one of the following parameters to select an output type. *SYSLOG - Type this parameter to forward events with the syslog protocol. This option provides real-time events. *IFS - Type this parameter to write events to a file with the integrated file system. This option requires the administrator to configure a log source with the log file protocol. This option writes events to a file, which can be read in only 15-minute intervals. |
    | IP Address | Enter the IP address of your JSA system. If an IP address for JSA is defined as a special value in the WRKQJVAL command, you can type *CFG. Events can be forwarded to the JSA console, an Event Collector, an Event Processor, or your JSA all-in-one appliance. |
    | Port | Type 514 or *CFG as the port for syslog events. By default, *CFG automatically selects port 514. |
    | Tag | This field is not used by JSA. |
    | Facility | This field is not used by JSA. |
    | Severity | Select a value for the event severity. For more information about severity that is assigned to *QRY destinations, look up the command WRKQJFVAL in your Cilasoft documentation. |

    For more information on Cilasoft configuration parameters, see the Cilasoft QJRN/400 User's Guide.

    Syslog events that are forwarded to JSA are viewable on the Log Activity tab.
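
With Format set to *LEEF and Output set to *SYSLOG, one way to confirm what arrives on port 514 is to parse a captured line and check that it carries a well-formed LEEF header. The following is an added example, not code from Juniper or Cilasoft: the function names and the sample lines (vendor, product, event ID and attribute values) are constructed placeholders, and it also handles the LEEF 2.0 delimiter field, which this page does not cover.

```python
# Added example, not vendor code. LEEF layout: LEEF:<ver>|Vendor|Product|Version|EventID|
# followed by key=value attributes (tab-separated in 1.0; 2.0 adds a delimiter field).

def _delimiter(spec):
    """LEEF 2.0 delimiter: one literal character, or hex such as x09 / 0x5E."""
    low = spec.lower()
    hexpart = spec[2:] if low.startswith("0x") else spec[1:] if low.startswith("x") else ""
    if hexpart:
        return chr(int(hexpart, 16))      # ValueError on non-hex input
    if len(spec) == 1:
        return spec
    raise ValueError(f"bad LEEF delimiter field: {spec!r}")


def parse_leef(line):
    """Parse one received syslog line; return (header, attrs) or raise ValueError."""
    start = line.find("LEEF:")            # skip the syslog priority/timestamp/host prefix
    if start < 0:
        raise ValueError("no LEEF header found (is Format set to *LEEF?)")
    version, _, rest = line[start + len("LEEF:"):].partition("|")
    if version not in ("1.0", "2.0"):
        raise ValueError(f"unsupported LEEF version: {version!r}")
    n = 4 if version == "1.0" else 5      # header fields before the attribute block
    parts = rest.split("|", n)            # maxsplit keeps any '|' inside attribute values
    if len(parts) != n + 1:
        raise ValueError("truncated LEEF header")
    header = dict(zip(("vendor", "product", "version", "event_id"), parts))
    header["leef_version"] = version
    delim = "\t" if version == "1.0" else _delimiter(parts[4])
    attrs = {}
    for pair in parts[n].split(delim):
        key, sep, value = pair.partition("=")
        if sep and key:
            attrs[key.strip()] = value
    return header, attrs


# Constructed sample lines; vendor, product and attribute values are placeholders,
# not captured Cilasoft output.
SAMPLE_V1 = "<13>Jan 10 12:00:00 ibmi01 LEEF:1.0|ExampleVendor|ExampleProduct|1.0|EVT001|usrName=QSECOFR\tsev=5"
SAMPLE_V2 = "<13>Jan 10 12:00:00 ibmi01 LEEF:2.0|ExampleVendor|ExampleProduct|1.0|EVT002|x5E|usrName=APPUSER^sev=3"
SAMPLE_BAD = "<13>Jan 10 12:00:00 ibmi01 plain text event"

if __name__ == "__main__":
    for s in (SAMPLE_V1, SAMPLE_V2, SAMPLE_BAD):
        try:
            print(parse_leef(s))
        except ValueError as exc:
            print("rejected:", exc)
```

A line rejected with "no LEEF header found" points at the Format parameter rather than at the network path, because the event did reach the collector.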