Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual page 210

Configuring the Universal DSM within STRM
[0-9a-fA-F][:\-][0-9a-fA-F][0-9a-fA-F])</Pattern>
</Patterns>
</Field>
<Field Name="Destination Mac Address">
<Patterns />
</Field>
</Fields>
</DSM>
Note: For additional information regarding regular expressions, go to:
http://java.sun.com/j2se/1.5.0/docs/api/java/util/regex/Pattern.html
Once you complete the Pattern Group for each field, configure the Order
parameter. The Order setting determines the precedence of patterns within a
particular Pattern set: each Pattern in the set for a field is attempted in the
Order assigned here. In the Event Name field of the above example, the pass
pattern is always attempted before the block pattern. It is therefore important to
give your more common patterns a higher Order to improve performance.
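The following is an added illustration of the Order precedence described above; it is not code from the Juniper manual, and the real GenericDSM.xml schema is not shown on this page. The element names DSM, Fields, Field, Patterns and Pattern mirror the snippet above, but modelling Order as an attribute on Pattern, taking the first successful match as the field value, and using capture group 1 as the extracted value are all assumptions made for this example. The log lines and the MAC-address regex are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed field definitions. The "block" pattern is listed first in document
# order but carries Order="2", so sorting by Order (assumption) must move "pass"
# ahead of it, matching the precedence the manual describes.
SAMPLE_DSM = r"""<DSM>
  <Fields>
    <Field Name="Event Name">
      <Patterns>
        <Pattern Order="2">\b(block)\b</Pattern>
        <Pattern Order="1">\b(pass)\b</Pattern>
      </Patterns>
    </Field>
    <Field Name="Source Mac Address">
      <Patterns>
        <Pattern Order="1">((?:[0-9a-fA-F]{2}[:\-]){5}[0-9a-fA-F]{2})</Pattern>
      </Patterns>
    </Field>
    <Field Name="Destination Mac Address">
      <Patterns />
    </Field>
  </Fields>
</DSM>"""

# Constructed sample events from a hypothetical UNIX firewall.
LOGS = [
    "Jan  1 00:00:01 fw1 kernel: pass in on eth0 src=00:0c:29:ab:cd:ef",
    "Jan  1 00:00:02 fw1 kernel: block in on eth0 src=00-0c-29-ab-cd-ef",
]


def load_fields(xml_text):
    """Return {field name: [compiled regex, ...]} with patterns sorted by Order."""
    root = ET.fromstring(xml_text)
    fields = {}
    for field in root.iter("Field"):
        ordered = []
        patterns = field.find("Patterns")
        if patterns is not None:
            for pattern in patterns.findall("Pattern"):
                order = int(pattern.get("Order", "0"))  # Order attribute: assumption
                ordered.append((order, re.compile(pattern.text.strip())))
        ordered.sort(key=lambda item: item[0])  # lower Order value is tried first
        fields[field.get("Name")] = [regex for _, regex in ordered]
    return fields


def extract(fields, line):
    """Apply each field's patterns in Order; first match wins (assumption).

    Returns {field name: (value or None, number of patterns attempted)} so the
    cost of a poorly ordered pattern set is visible alongside the result.
    """
    result = {}
    for name, regexes in fields.items():
        value, attempts = None, 0
        for regex in regexes:
            attempts += 1
            match = regex.search(line)
            if match:
                value = match.group(1)
                break
        result[name] = (value, attempts)
    return result


if __name__ == "__main__":
    parsed_fields = load_fields(SAMPLE_DSM)
    for event in LOGS:
        print(extract(parsed_fields, event))
```

Running the block shows that a "pass" event is resolved after one attempt while a "block" event costs two, which is the performance effect the manual refers to when it advises giving the more common patterns higher precedence.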
Once you configure the GenericDSM.xml file, you must integrate the UNIX Firewall
with STRM. This means configuring a Universal DSM Sensor Device using the
STRM interface.
To configure the Universal DSM within STRM:
Step 1 Configure a Universal DSM sensor device.
Note: For more information on configuring a sensor device, see the Managing Sensor
Devices Guide.
Step 2 Log in to STRM, using SSH.
Step 3 Enter the following command:
service ecs restart
Events from the Universal DSM device can now successfully flow into STRM and
be parsed by the Universal DSM definition file.
Step 4 To enable the mapping of events, restart Tomcat:
service tomcat restart
Events from the Universal DSM device can now be mapped in the Event Viewer.
Step 5 To verify that parsing is occurring correctly by performing a raw event search
against events coming into STRM, log in to STRM.
Step 6 Click the Event Viewer tab.
Step 7 Select Search > Edit Search.
The Search window appears.