1 MANAGING SENSOR DEVICES

You can configure STRM Log Management to log and correlate events received
from external sources such as security equipment (for example, firewalls and
IDSs) and network equipment (for example, switches and routers). Sensor devices
allow you to integrate STRM Log Management with these external devices. This
chapter provides information on configuring sensor devices for the system,
including:
• Configuring STRM Log Management to Receive Events
• Managing Sensor Devices
• Configuring Protocols
• Grouping Sensor Devices

Configuring STRM Log Management to Receive Events

STRM Log Management allows you to automatically discover sensor devices in
your deployment that are sending syslog messages. Any sensor devices that are
automatically discovered by STRM Log Management appear in the Sensor
Devices window. Automatic discovery of sensor devices can be configured on a
per Event Collector basis using the Auto Detection Enabled parameter in the Event
Collector configuration. For more information, see the STRM Log Management
Administration Guide, Using the Deployment Editor.

To configure STRM Log Management to receive events from devices, you must:

Step 1 Configure the device to send events to STRM Log Management.
For information on configuring DSMs, see the Configuring DSMs Guide and your
vendor documentation.

Step 2 Configure STRM Log Management to receive events from specific devices. See
Managing Sensor Devices.
Note: You must have administrative privileges to configure sensor devices in
STRM Log Management. For more information on accessing the Administration
Console, see the STRM Log Management Administration Guide.

Step 3 Configure the necessary protocols. See Configuring Protocols.

Managing Sensor Devices Guide