Configuring Cilasoft QJRN/400
To collect events, you must configure queries on your Cilasoft QJRN/400 to forward syslog events to JSA.
- To start the Cilasoft Security Suite, type the following command:
  IJRN/QJRN
The account that is used to make configuration changes must have ADM privileges or USR privileges with access to specific queries through an Extended Access parameter.
- To configure the output type, select one of the following options:
  - To edit several selected queries, type 2EV to access the Execution Environment and change the Output Type field and type SEM.
  - To edit large numbers of queries, type the command CHGQJQRYA and change the Output Type field and type SEM.
- On the Additional Parameters screen, configure the following parameters:
Table 1: Cilasoft QJRN/400 Output Parameters

| Parameter | Description |
|---|---|
| Format | Type *LEEF to configure the syslog output to write events in Log Extended Event Format (LEEF). LEEF is a special event format that is designed for JSA. |
| Output | Use one of the following parameters to select an output type: *SYSLOG - Type this parameter to forward events with the syslog protocol. This option provides real-time events. *IFS - Type this parameter to write events to a file with the integrated file system. This option requires the administrator to configure a log source with the log file protocol. This option writes events to a file, which can be read in only 15-minute intervals. |
| IP Address | Enter the IP address of your JSA system. If an IP address for JSA is defined as a special value in the WRKQJVAL command, you can type *CFG. Events can be forwarded to either the JSA console, an Event Collector, an Event Processor, or your JSA all-in-one appliance. |
| Port | Type 514 or *CFG as the port for syslog events. By default, *CFG automatically selects port 514. |
| Tag | This field is not used by JSA. |
| Facility | This field is not used by JSA. |
| Severity | Select a value for the event severity. For more information about severity that is assigned to *QRY destinations, look up the command WRKQJFVAL in your Cilasoft documentation. |

For more information on Cilasoft configuration parameters, see the Cilasoft QJRN/400 User's Guide.
Syslog events that are forwarded to JSA are viewable on the Log Activity tab.
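
If events do not appear on the Log Activity tab, it helps to confirm that a forwarded line is well-formed LEEF before troubleshooting the log source. The following is an added example, not part of the Cilasoft or JSA documentation: it parses one captured syslog line into its LEEF header and attributes. The sample line, vendor, product, event ID and attribute values are constructed placeholders, and the function name parse_leef is hypothetical.

```python
import re

# Constructed sample: a syslog line carrying a LEEF 1.0 payload. Vendor,
# product, event ID and attribute values are illustrative placeholders,
# not values taken from Cilasoft documentation.
SAMPLE = ("<13>Jan 12 10:15:02 as400host "
          "LEEF:1.0|ExampleVendor|ExampleProduct|1.0|EXAMPLE_EVENT|"
          "usrName=JSMITH\tsrc=192.0.2.10\tsev=5")

HEADER_FIELDS = ("leef_version", "vendor", "product",
                 "product_version", "event_id")


def parse_leef(line):
    """Return (header, attributes) for a LEEF event, or raise ValueError."""
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header; check that Format is set to *LEEF")
    payload = line[start + len("LEEF:"):]
    version = payload.split("|", 1)[0]
    # LEEF 1.0 has five pipe-delimited header fields; LEEF 2.0 adds a
    # sixth field that names the attribute delimiter.
    n_header = 6 if version.startswith("2") else 5
    parts = payload.split("|", n_header)
    if len(parts) <= n_header:
        raise ValueError("truncated LEEF header")
    header = dict(zip(HEADER_FIELDS, parts[:5]))
    delimiter = "\t"  # default attribute separator
    if n_header == 6 and parts[5]:
        spec = parts[5]
        # The delimiter may be a literal character or hex such as x09 / 0x09.
        m = re.fullmatch(r"(?:0x|x)([0-9A-Fa-f]{2,4})", spec)
        delimiter = chr(int(m.group(1), 16)) if m else spec
    attributes = {}
    for pair in parts[n_header].split(delimiter):
        if "=" in pair:
            key, value = pair.split("=", 1)
            attributes[key.strip()] = value
    return header, attributes


if __name__ == "__main__":
    print(parse_leef(SAMPLE))
```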