Forwarding Normalized Events - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1 Administration Manual


Forwarding Normalized Events
To forward normalized events, you must configure an off-site Event Collector
(target) in your current deployment and the associated off-site Event Collector in
the receiving deployment (source).
You can add the following components to your Event View:
• Off-site Source - Indicates an off-site Event Collector from which you wish to receive data. The source must be configured with appropriate permissions to send events to the off-site target.
• Off-site Target - Indicates an off-site Event Collector to which you wish to send data.
For example, if you wish to forward normalized events between two deployments
(A and B), where deployment B wishes to receive events from deployment A, you
must configure deployment A with an off-site target to provide the IP address of the
managed host that includes Event Collector B. You must then connect Event
Collector A to the off-site target. In deployment B, you must configure an off-site
source with the IP address of the managed host that includes Event Collector A
and the port that Event Collector A is monitoring.
If you wish to disconnect the off-site source, you must remove the connections
from both deployments. From deployment A, you must remove the off-site target
and in deployment B, you must remove the off-site source.
If you wish to enable encryption between deployments, you must enable
encryption on both the off-site source and the off-site target. You must also ensure
that both the off-site source and target include the public keys to ensure
appropriate access. For example, in the example shown in Figure 5-1, if you wish to
enable encryption between the off-site source and Event Collector B, you must copy
the public key (located at /root/.ssh/id_rsa.pub) from the Event Collector to the
off-site source (copy the file to /root/.ssh/authorized_keys).
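The key copy described above, as an added example that is not part of the Juniper guide: a shell helper that appends the peer's public key to authorized_keys instead of overwriting keys already authorized there, and sets the file modes sshd checks. The function name install_pubkey and the sample key strings are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example; install_pubkey is a hypothetical helper, not an STRM command.
# Appends a peer's public key to authorized_keys without discarding existing keys.
install_pubkey() {
    pub=$1    # key file copied from the peer (its /root/.ssh/id_rsa.pub)
    auth=$2   # local authorized_keys file (/root/.ssh/authorized_keys)
    dir=$(dirname "$auth")

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    # Expect exactly one non-blank line that looks like an OpenSSH public key;
    # this also rejects a private key file handed over by mistake.
    key=$(grep -v '^[[:space:]]*$' "$pub") || true
    n=$(printf '%s\n' "$key" | grep -c .) || true
    [ "$n" -eq 1 ] || { echo "expected exactly one key line" >&2; return 2; }
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 2 ;;
    esac

    # sshd (StrictModes) ignores key files that group or others can write.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$auth" ] || : > "$auth"
    chmod 600 "$auth" || return 1

    # Match on key type + base64 blob so a different comment is not a new key.
    id=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if awk -v id="$id" '{ for (i = 1; i < NF; i++) if ($i " " $(i+1) == id) f = 1 }
                        END { exit !f }' "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    # Keep the existing lines intact: end the last one with a newline, then append.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then printf '\n' >> "$auth"; fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
}

# Demo on constructed data in a scratch directory (not a real key or host).
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED root@collector-b\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh/authorized_keys"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh/authorized_keys"   # second run is a no-op
rm -rf "$demo"
```

Copying id_rsa.pub directly over an existing authorized_keys file would revoke every key already listed in it, which is why the helper appends.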
Figure 5-1 Example of Connecting Deployments (components shown: Event Collector A, Event Processor, Off-site Source, Off-site Target, Event Collector B, Event Processor)
To forward normalized events:
Step 1 In the deployment editor, click the Event View tab.
The Event View appears.