ISC BIND

The DSM for Internet Systems Consortium (ISC) BIND collects Syslog events from your ISC BIND device.

Complete the following steps to configure ISC BIND to communicate with JSA.

You can configure syslog on your ISC BIND device to forward events to JSA.

  1. Log in to your ISC BIND device.
  2. Open the following file to add a logging clause:

    named.conf

    logging {
        channel <channel_name> {
            syslog <syslog_facility>;
            severity <critical | error | warning | notice | info | debug [level] | dynamic>;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        category queries {
            <channel_name>;
        };
        category notify {
            <channel_name>;
        };
        category network {
            <channel_name>;
        };
        category client {
            <channel_name>;
        };
    };

    For example:

    logging {
        channel QRadar {
            syslog local3;
            severity info;
        };
        category queries {
            QRadar;
        };
        category notify {
            QRadar;
        };
        category network {
            QRadar;
        };
        category client {
            QRadar;
        };
    };

  3. Save and exit the file.
  4. Edit the syslog configuration to log to your JSA using the facility you selected in Step 2:

    <syslog_facility>.* @<IP Address>

    Where <IP Address> is the IP address of your JSA.

    For example:

    local3.* @192.16.10.10

    Note:

    JSA only parses logs with a severity level of info or higher.

  5. Restart the following services:

    service syslog restart
    service named restart

Add a log source in JSA.
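
The following check is an added example, not part of the vendor procedure: it confirms that every facility set in a named.conf channel (step 2) has an active forwarding rule in the syslog configuration (step 4). The function names and sample file names are illustrative, and the sample data reuses the QRadar, local3 and 192.16.10.10 values from the example above.

```sh
#!/bin/sh
# Added example: confirm that the facility chosen in named.conf (step 2)
# has a matching forwarding rule in the syslog configuration (step 4).

# Print each facility named in a "syslog <facility>;" channel statement.
bind_facilities() {  # $1 = named.conf
    sed -n 's/^[[:space:]]*syslog[[:space:]]\{1,\}\([a-z0-9]\{1,\}\)[[:space:]]*;.*/\1/p' "$1" | sort -u
}

# Print the host of the first active "<facility>.* @host" rule, if any.
forward_target() {  # $1 = facility, $2 = syslog configuration file
    awk -v sel="$1.*" '$1 == sel && $2 ~ /^@/ { sub(/^@+/, "", $2); print $2; exit }' "$2"
}

# Return 0 if every facility is forwarded, 1 if one is not, 2 if none found.
check_forwarding() {  # $1 = named.conf, $2 = syslog configuration file
    facs=$(bind_facilities "$1")
    [ -n "$facs" ] || { echo "no syslog channel found in $1"; return 2; }
    rc=0
    for f in $facs; do
        t=$(forward_target "$f" "$2")
        if [ -n "$t" ]; then
            echo "OK: $f.* is forwarded to $t"
        else
            echo "MISSING: no active '$f.* @<IP Address>' rule in $2"
            rc=1
        fi
    done
    return $rc
}

# Write constructed sample files into directory $1 (values from the example above).
write_samples() {
    printf '%s\n' 'logging {' '    channel QRadar {' '        syslog local3;' \
        '        severity info;' '    };' '    category queries { QRadar; };' \
        '};' > "$1/named.conf"
    printf '%s\n' 'local3.* @192.16.10.10' > "$1/syslog.good"
    # Wrong facility plus a commented-out rule: local3 must be reported missing.
    printf '%s\n' 'local4.* @192.16.10.10' '#local3.* @192.16.10.10' > "$1/syslog.bad"
}

# Usage (hypothetical script name; file paths vary by system):
#   sh check_bind_syslog.sh /etc/named.conf /etc/syslog.conf
if [ "$#" -eq 2 ]; then check_forwarding "$1" "$2"; fi
```

This script only checks that both files agree on the facility; `named-checkconf` validates the syntax of named.conf itself and is worth running before the restart in step 5.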