Configuring Cloudera Navigator to Communicate with JSA
Ensure that Cloudera Navigator can access port 514 on the JSA system.
You can configure a Cloudera Navigator device to send JSON-format syslog events to JSA.
When you install Cloudera Navigator, all audit logs are collected automatically. However, you must configure Cloudera Navigator to send audit logs to JSA by using syslog.
- Do one of the following tasks:
  - Click Clusters > Cloudera Management Service > Cloudera Management Service.
  - On the Status tab of the Home page, click the Cloudera Management Service link in the Cloudera Management Service table.
- Click the Configuration tab.
- Search for Navigator Audit Server Logging Advanced Configuration Snippet.
- Depending on the format type, enter one of the following values in the Value field:
log4j.logger.auditStream = TRACE,SYSLOG
log4j.appender.SYSLOG = org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.SyslogHost = <QRadar Hostname>
log4j.appender.SYSLOG.Facility = Local2
log4j.appender.SYSLOG.FacilityPrinting = true
log4j.additivity.auditStream = false
- Click Save Changes.
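To confirm that events leave Cloudera Navigator in the shape this snippet implies before relying on them in JSA, the following added example (not part of the original procedure or of either product) checks a captured syslog datagram. It assumes the log4j 1.x SyslogAppender layout: a `<PRI>` header, then the facility name and a colon because FacilityPrinting is true, then the JSON event. The sample event and its field names are constructed.

```python
import json
import re

# RFC 3164 facility codes; "Local2" in the snippet is code 18.
FACILITIES = {16: "local0", 17: "local1", 18: "local2", 19: "local3"}
EXPECTED_FACILITY = "local2"  # log4j.appender.SYSLOG.Facility = Local2
PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Constructed sample: PRI 151 = facility 18 (local2) * 8 + severity 7 (debug).
SAMPLE = b'<151>local2:{"service": "hdfs", "user": "alice", "operation": "open"}'


def parse_datagram(data: bytes) -> dict:
    """Decode one syslog datagram into facility, severity and the JSON event."""
    m = PRI_RE.match(data)
    if not m:
        raise ValueError("missing <PRI> header")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("PRI out of range")
    facility = FACILITIES.get(pri >> 3, str(pri >> 3))
    body = data[m.end():].decode("utf-8", errors="replace")
    start = body.find("{")  # skip the facility prefix and any optional header
    if start == -1:
        raise ValueError("no JSON object in message body")
    event, _ = json.JSONDecoder().raw_decode(body[start:])
    return {
        "facility": facility,
        "severity": pri & 7,
        "facility_printed": (facility + ":") in body[:start].lower(),
        "event": event,
    }


def check(data: bytes) -> list:
    """Return a list of problems; an empty list means the datagram matches."""
    try:
        parsed = parse_datagram(data)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if parsed["facility"] != EXPECTED_FACILITY:
        problems.append(f"facility is {parsed['facility']}, expected {EXPECTED_FACILITY}")
    if not parsed["facility_printed"]:
        problems.append("facility name not printed in message body")
    return problems


if __name__ == "__main__":
    print(check(SAMPLE) or "datagram matches the configured snippet")
```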