Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual page 24

Configuring DSMs

18 Blue Coat SG

Note: The Format tab allows you to create a format to use for your log facilities.
Although several log formats ship with the SGOS software, STRM requires that the
streaming log format use the default ELFF log format.

Step 10 Make sure the Multiple-valued header policy option is set to Log last header.
        Click OK.

Step 11 Click Apply.

Step 12 Configure the log format:
        a From the menu, select Access Logging > Logs.
        b Click the General Settings tab.
        c Using the Log: drop-down list box, select streaming.
        d Verify the Log Format is set to squid.

        Note: STRM requires that the Squid log format be selected to ensure that the
        ELFF formatted logs are properly transferred to STRM in the expected Squid
        format.

Step 13 Configure the host to which you want to send logs:
        a From the menu, select Access Logging > Logs.
        b Click the Upload Client tab.
        c Using the Log: drop-down list box, select streaming.
        d From the Client type drop-down list box, select Custom Client.
        e Click Settings.
        f For the host to which you want to send logs to STRM, configure the host
          and port. The STRM default for syslog is 514.
        g Click OK.
        h In the Save the log file parameter, make sure the text file option is
          selected.

Step 14 Configure the appropriate access:
        a From the menu, select Access Logging > Logs.
        b Click the Upload Schedule tab.
        c Using the Log: drop-down list box, select streaming.
        d In the Upload the access log parameter, make sure the continuously option
          is selected.
        e Click Apply.

You are now ready to configure the sensor device within the STRM Console. To
configure STRM to receive events from a Blue Coat SG device, you must select
the Blue Coat SG Appliance option from the Sensor Device Type drop-down list
box. For more information on configuring sensor devices, see the Managing
Sensor Devices Guide.
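
A receiving-side check for the log format requirement in Step 12, as an added example that is not part of the Juniper manual: it classifies captured log lines as Squid-style or ELFF-style so that a streaming log left on an ELFF format is noticed at the collector. It assumes the standard Squid native access.log field layout; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Assumed layout: standard Squid native access.log fields
# (time elapsed client action/status bytes method URL user hierarchy/peer type).
SQUID_LINE = re.compile(
    r"^(?P<ts>\d{9,10}\.\d{3})\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<action>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)\s*$"
)
# ELFF output: '#' directive lines, or records that start with "date time".
ELFF_LINE = re.compile(r"^(#\w+:|\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s)")

# Constructed sample input (documentation addresses), not captured traffic.
SAMPLE = [
    "1215000000.123     45 192.0.2.10 TCP_MISS/200 5120 GET "
    "http://example.com/index.html - DIRECT/198.51.100.7 text/html",
    "#Fields: date time time-taken c-ip sc-status",
    "2008-07-02 12:00:00 45 192.0.2.10 200 TCP_MISS 5120 GET http example.com",
    "1215000001.456     12 192.0.2.11 TCP_DENIED/403 900 GET "
    "http://example.net/ alice NONE/- -",
]

def classify(line):
    """Return 'squid', 'elff' or 'unknown' for one received log line."""
    line = line.strip()
    if SQUID_LINE.match(line):
        return "squid"
    if ELFF_LINE.match(line):
        return "elff"
    return "unknown"

def audit(lines):
    """Count line kinds and list (line number, kind) for every non-Squid line."""
    counts = Counter({"squid": 0, "elff": 0, "unknown": 0})
    flagged = []
    for number, line in enumerate(lines, start=1):
        kind = classify(line)
        counts[kind] += 1
        if kind != "squid":
            flagged.append((number, kind))
    return {"counts": dict(counts), "flagged": flagged}

if __name__ == "__main__":
    report = audit(SAMPLE)
    print(report["counts"])
    for number, kind in report["flagged"]:
        print(f"line {number}: {kind} format, check the Log Format setting")
```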