SAMHAIN

Step 8 Restart syslog:
       /etc/init.d/syslog restart

Samhain sends logs using syslog to STRM.

You are now ready to configure Samhain DSM within the STRM interface. To
configure STRM to receive events from Samhain, select Samhain from the Sensor
Device Type drop-down list box.

Using JDBC

You can configure Samhain to send log alerts to a database. Oracle, PostgreSQL,
and MySQL are natively supported by Samhain. You can also configure QRadar to
collect events from these databases using the JDBC protocol.

To configure STRM to access the Samhain database using the JDBC protocol:

Step 1 Log into STRM.
Step 2 Click Config.
       The QRadar Administration Console appears.
Step 3 Click SIM Configuration.
Step 4 Click Protocol Configuration.
Step 5 From the Sensor Device Protocol Configurations window, select the JDBC option
       from the Protocol drop-down list box. In the JDBC Configuration window, enter the
       following:
Database Type: <Samhain Database Type>
Database Name: <Samhain SetDBName>
Table Name: <Samhain SetDBTable>
Select List: *
Compare Field: log_index
Hostname: <Samhain SetDBHost>
Port: <Default Port>
Username: <Samhain SetDBUser>
Password: <Samhain SetDBPassword>
Polling Interval: <Default Interval>

Where:

<Samhain Database Type> is the database type used by Samhain (see your
Samhain system administrator).
<Samhain SetDBName> is the database name specified in the samhainrc file.
<Samhain SetDBTable> is the database table specified in the samhainrc file.
<Samhain SetDBHost> is the database host specified in the samhainrc file.
<Samhain SetDBUser> is the database user specified in the samhainrc file.

Configuring DSMs Guide
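
The field mapping in Step 5, as an added example that is not part of the guide or of the STRM or Samhain software: a Python script that reads the [Database] section of a samhainrc file and lists the values to enter in the JDBC Configuration window. The sample file contents, the function names, and the use of each database's standard listener port as <Default Port> are assumptions.

```python
# Added example: derive the STRM JDBC fields from samhainrc's [Database] section.
# Standard listener ports of each database (assumed to be STRM's <Default Port>).
DEFAULT_PORTS = {"Oracle": 1521, "PostgreSQL": 5432, "MySQL": 3306}
REQUIRED = ("SetDBName", "SetDBTable", "SetDBHost", "SetDBUser", "SetDBPassword")

# Constructed sample file; host, user and password are placeholders.
SAMPLE_SAMHAINRC = """\
[ReadOnly]
file = /etc/passwd
file = /etc/shadow

[Database]
# constructed values
SetDBHost = db01.example.internal
SetDBName = samhain
SetDBTable = log
SetDBUser = strm_reader
SetDBPassword = CHANGE_ME
"""

def read_database_section(text):
    """Collect key = value directives found under [Database] only."""
    settings, in_db = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_db = (line == "[Database]")
        elif in_db and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def jdbc_fields(text, db_type):
    """Map samhainrc values to the JDBC Configuration window fields."""
    if db_type not in DEFAULT_PORTS:
        raise ValueError("unsupported database type: " + db_type)
    db = read_database_section(text)
    missing = [k for k in REQUIRED if k not in db]
    if missing:
        raise ValueError("missing in [Database]: " + ", ".join(missing))
    return {
        "Database Type": db_type, "Database Name": db["SetDBName"],
        "Table Name": db["SetDBTable"], "Select List": "*",
        "Compare Field": "log_index", "Hostname": db["SetDBHost"],
        "Port": DEFAULT_PORTS[db_type], "Username": db["SetDBUser"],
        # The secret is not echoed; type it into STRM from samhainrc directly.
        "Password": "<Samhain SetDBPassword>",
    }
```

The database type is passed in by the caller because, as the guide notes, it comes from the Samhain system administrator rather than from the samhainrc file.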