Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual page 26

20 C P F
HECK OINT IRE
Step 5
Step 6
Step 7
Step 8
Step 9
Step 10
W -1
ALL
$FWDIR/bin/fw log -ftn | /usr/bin/logger -p local3.info >
/dev/null 2>&1 &
Save and close the file.
Open the syslog.conf file.
Add the following line:
< >.<
facility priority
Where:
< > is the syslog facility, for example,
facility
value entered in
< > is the syslog priority, for example,
priority
match the value entered in
< > indicates you must press the TAB key.
TAB
< > indicates the STRM managed host.
host
Save and close the file.
Depending on your operating system, enter the following command to restart
syslog:
In Linux:
service syslog restart
In Solaris:
/etc/init.d/syslog start
Enter the following command:
nohup $FWDIR/bin/fw log -ftn | /usr/bin/logger -p
<facility>.<priority> > /dev/null 2>&1 &
Where:
is a Syslog facility, for example, local3. This value must match the
<facility>
value entered in
is a Syslog priority, for example, info. This value must match the
<priority>
value entered in
You are now ready to configure the sensor device within the STRM interface. To
configure STRM to receive events from a Check Point Firewall-1 device using
syslog, choose one of the following options:
If you are using STRM 6.0, select CheckPoint Firewall-1 Devices via Syslog
•
from the Sensor Device Type drop-down list box.
• If you are using STRM 6.0.1 and above, select CheckPoint Firewall-1 from the
Sensor Device Type drop-down list box.
For more information on configuring sensor devices, see the Managing Sensor
Devices Guide.
For more information regarding Check Point FireWall-1, see the Check Point
FireWall-1 documentation.
> < ><
TAB TAB
Step 4.
Step 4.
Step 4.
Step 4.
Configuring DSMs Guide
>@< >
host
. This value must match the
local3
or
info notice
. This value must