Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual page 90
Configuring dsms
Hide thumbs
Also See for SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1:
- Administration manual (370 pages) ,
- Manual (94 pages) ,
- Getting started (14 pages)
Table of Contents
Advertisement
84
J
N
S
UNIPER
ET
CREEN
Configuring STRM
to Collect IDP
Events
Configuring Juniper
NSM Protocol
Step 1
Step 2
Configuring STRM to
Collect Syslog from
an IDP Device
IDP
For example:
[syslog@juniper.net dayId="20061012" recordId="0"
timeRecv="2006/10/12 21:52:21" timeGen="2006/10/12 21:52:21"
domain="" devDomVer2="0" device_ip="10.209.83.4"
cat="Predefined" attack="TROJAN:SUBSEVEN:SCAN" srcZn="NULL"
srcIntf="NULL" srcAddr="192.168.170.20" srcPort="63396"
natSrcAddr="NULL" natSrcPort="0" dstZn="NULL" dstIntf="NULL"
dstAddr="192.168.170.10" dstPort="27374" natDstAddr="NULL"
natDstPort="0" protocol="TCP" ruleDomain="" ruleVer="5"
policy="Policy2" rulebase="IDS" ruleNo="4" action="NONE"
severity="LOW" alert="no" elaspedTime="0" inbytes="0"
outbytes="0" totBytes="0" inPak="0" outPak="0" totPak="0"
repCount="0" packetData="no" varEnum="31"
misc="<017>'interface=eth2" user="NULL" app="NULL" uri="NULL"]
Juniper NSM is a central management server for Juniper IDP. You can configure
STRM to collect and represent the Juniper IDP alerts as coming from a central
NSM, or STRM can collect syslog from the individual Juniper IDP device.
To configure STRM to Collect IDP events, you must:
•
Configuring Juniper NSM Protocol
Configuring STRM to Collect Syslog from an IDP Device
•
To configure STRM to integrate with a Juniper NSM device:
Configure the Juniper NSM protocol in the STRM interface.
To configure STRM to receive events from a Juniper NSM device using Juniper
NSM protocol, you must select the JuniperNSM option from the Protocol
drop-down list box when configuring your protocol configuration. For more
information, see Configuring Protocols in the Managing Sensor Devices Guide.
Configure the sensor device within the STRM interface.
To configure STRM to receive events from a Juniper NSM device, select the
Juniper Networks NetScreen-Security Manager (NSM) option from the Sensor
Device Type drop-down list box.
To configure STRM to receive events from a NetScreen IDP device, select the
Juniper Networks Intrusion Detection and Prevention (IDP) option from the
Sensor Device Type drop-down list box.
For more information on configuring devices, see the Managing Sensor Devices
Guide.
For more information regarding NetScreen IDP, see your NetScreen-Security
Manager documentation.
Configuring DSMs Guide
Advertisement
Table of Contents
Related Manuals for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1
Related Products for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper 200 Series