Security Director FAQ
This topic includes the most frequently asked questions on Security Director. To learn more about the product, please see our User Guide.
What should I do if the Log Collector node fails to get added to Security Director?
You can only configure the IP address of a Log Collector node with the configuration script. If an IP address is configured manually, then the Log Collector node cannot be added to Security Director.
Verify that the following entry appears in the /etc/hosts file:<IP>LOG-COLLECTOR localhost.localdomain localhost. If you do not see this entry, then re-create the entry and add the node back through the Security Director administration workspace.
What should I do if I do not see logs on the Monitor page in Security Director ?
There could be a time mismatch between the Log Collector node and the Junos Space server.
The Log Collector and the Junos Space Network Management Platform must be synchronized with the NTP server. Use NTP to synchronize the time between nodes.
I refreshed the Log Space server after I added the Log Collector node. The node failed to get added to Security Director. I see the following message: node is part of another Fabric. What should I do?
The node is added to another Junos Space server or the Junos Space server where it was added is no longer present.
You must delete the existing Log Collector node from Security Director > Administration > Logging Management > Logging Nodes before adding another Log Collector node.
Log in to the Log Collector node using root credentials and delete the following file: /etc/specialNodeAgent/nodeAdded-<IP>
Add another Log Collector node to Security Director > Administration > Logging Management > Logging Nodes.
How long are logs retained in Log Collector before they are recycled automatically to accommodate new logs?
System logs are retained until 80% of the disk space is utilized on the Log Collector node. Older logs are deleted to ensure that 20% of the disk space is free to store new logs.
How do I increase the disk size of Log Collector from the default storage limit of 500 GB?
You can use the resizeFS.sh script to increase the disk size.
I do not see all of the information about system logs on the Security Director > Monitor > Events & Logs pages. However, the raw log shows the complete log information. What should I do?
The system logs that are received might not be structured system logs.
You must ensure that only the structured system logs are sent to Log Collector, so that they are parsed and all the fields are displayed properly.
I am unable to find the problem with my logging infrastructure and want to contact support. What information should I have handy?
You can use the diagnostics tool that scans through all of your Log Collector nodes. The tool gathers log files, configuration settings, and other health status information and then bundles all the information in a zip file. You can run this tool and generate the dump file.
You can find the detailed dump file in /opt/system-diagnostics/out/<Date-Time> syslog-capture.pcap.
I am unable to view devices under Logging Devices after configuring devices to send logs to Log Collector.
It will take an hour for devices that are configured to send logs to Log Collector to be displayed under Logging Devices.
I am an existing Spotlight Secure customer, do I need to purchase additional licenses to use Policy Enforcer within Security Director?
No, the existing Spotlight Secure license (SPOT-CC) entitles you to use Policy Enforcer. There is no need to re-issue or transfer any licenses. You must, however, make sure you are using a supported version of Security Director. In addition, the SPOT-CC licenses gives you access to Command and Control (C & C) feeds, GeoIP feeds, and custom feeds.
What hypervisor does Policy Enforcer support?
Policy Enforcer supports only the VMware ESXi hypervisor.
If I want to manage Juniper ATP Cloud with Security Director, do I have to install the Policy Enforcer virtual machine?
Yes. Policy Enforcer itself is installed on a virtual machine and uses RESTful APIs to communicate with both Security Director and Juniper ATP Cloud.