Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual page 79

Configuring dsms

IBM AIX 5L
A STRM IBM AIX 5L DSM accepts events using syslog. STRM records all relevant
login, logoff, session opened, session closed, and accepted/failed password
events.
Note: If you are using syslog on a Unix host, we recommend that you upgrade the
standard syslog to a more recent version, such as syslog-ng.
Before you configure STRM to integrate with IBM AIX, you must:
Step 1 Log in as a root user.
Step 2 Open the /etc/syslog.conf file.
Step 3 Forward the system's authentication logs to STRM by adding the following line to
the file:
auth.* @<IP address>
Where <IP address> is the IP address of the STRM system.
Step 4 Save and exit the file.
Step 5 Restart syslog:
refresh -s syslogd
For example, a typical /etc/syslog.conf file may resemble the following:
##### begin /etc/syslog.conf
mail.debug /var/adm/maillog
mail.none /var/adm/maillog
auth.notice /var/adm/authlog
lpr.debug /var/adm/lpd-errs
kern.debug /var/adm/messages
*.emerg;*.alert;*.crit;*.warning;*.err;*.notice;*.info /var/adm/messages
auth.* @123.234.234.123
##### end /etc/syslog.conf
where 123.456.789.123 is the IP of the QRadar system.
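A check to run on the edited file before restarting syslogd, added here as an example and not taken from the Juniper manual. The function name check_auth_forward and the collector address 192.0.2.10 are assumptions; the function reports whether a syslog.conf contains a well-formed auth rule forwarding to the given collector, and flags a rule whose selector is missing its dot or the whitespace before the @ action.

```shell
#!/bin/sh
# Added example (not from the manual): verify the auth forwarding rule.
# Usage: check_auth_forward FILE COLLECTOR_IP
# Prints OK, MALFORMED:<line number>, or MISSING; exit status is 0 only for OK.
check_auth_forward() {
    awk -v ip="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            # A rule is "selector<whitespace>action"; a single field that
            # names auth and contains @ has lost its separator.
            if (NF < 2) {
                if ($1 ~ /^auth/ && index($1, "@")) bad = bad ? bad : NR
                next
            }
            if ($2 != ("@" ip)) next            # not a forward to this collector
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++) {
                # facility.priority, where the facility is auth or the wildcard
                if (sel[i] ~ /^(auth|\*)\.[a-z*]+$/) found = 1
                else if (sel[i] ~ /^auth/) bad = bad ? bad : NR
            }
        }
        END {
            if (found) { print "OK"; exit 0 }
            if (bad)   { print "MALFORMED:" bad; exit 1 }
            print "MISSING"; exit 2
        }' "$1"
}

# Constructed sample: the forwarding rule lacks the dot between facility
# and priority, so the check reports the offending line number.
sample=$(mktemp)
printf 'auth.notice /var/adm/authlog\nauth* @192.0.2.10\n' > "$sample"
check_auth_forward "$sample" 192.0.2.10 || true
rm -f "$sample"
```

On the host itself, call it as check_auth_forward /etc/syslog.conf followed by the STRM address before running the restart in Step 5.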


This manual is also suitable for:

Security threat response manager