Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual page 73

Review the file to determine a pattern, if present, for source IP address and source
Step 10
port.
For example, if your authentication server generates the following log message:
Jun 27 12:11:21 expo sshd[19926]: Accepted password for root
from 10.100.100.109 port 1727 ssh2
The pattern for source IP address is
Add an entry to the file for source IP address and source port:
Step 11
source_ip_pattern=<source IP pattern>
source_port_pattern=<source port pattern>
Where
<source IP pattern>
identified in
For example:
source_ip_pattern=from
source_port_pattern=port
Review the file to determine if a pattern exists for username.
Step 12
For example:
Jun 27 12:11:21 expo sshd[19926]: Accepted password for root
from 10.100.100.109 port 1727 ssh2
The pattern for username is
Add an entry to the file for the username pattern:
Step 13
For example:
user_name_pattern=for
You are now ready to configure the sensor device within the STRM interface. To
configure STRM to receive events from a generic authorization server, you must
select the Configurable Authentication message filter option from the Sensor
Device Type drop-down list box. For more information on configuring sensor
devices, see the Managing Sensor Devices Guide.
For more information regarding your firewall, see your vendor documentation.
and
Step 10 for source ip address and source port.
.
for
Configuring DSMs Guide
and the pattern for source port is
from
<source port pattern>
67
.
port
are the patterns