Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1 Administration Manual page 81


Managing Your System View

Table 5-3 Host Context Parameters (continued)

| Parameter | Description |
|---|---|
| Recovery Threshold | Specify the recovery threshold. Once the system has exceeded the shutdown threshold, disk usage must fall below the recovery threshold before STRM Log Management processes are restarted. The default is 0.90, therefore, processes will not be restarted until the disk usage is below 90%. Note: Notification e-mails are sent to the Administrative Email Address and are sent from the Alert Email From Address, which is configured in the System Settings. For more information, see Chapter 3 Setting Up STRM Log Management. |
| Shutdown Threshold | Specify the shutdown threshold. When the system exceeds the shutdown threshold, all STRM Log Management processes are stopped. An e-mail is sent to the administrator indicating the current state of the system. The default is 0.95, therefore, when disk usage exceeds 95%, all STRM Log Management processes stop. Note: Notification e-mails are sent to the Administrative Email Address and are sent from the Alert Email From Address, which is configured in the System Settings. For more information, see Chapter 3 Setting Up STRM Log Management. |
| Inspection Interval | Specify the frequency, in milliseconds, that you wish to determine disk usage. |
| SAR Sentinel Settings | |
| Inspection Interval | Specify the frequency, in milliseconds, that you wish to inspect SAR output. The default is 300,000 ms. |
| Alert Interval | Specify the frequency, in milliseconds, that you wish to be notified that the thresholds have been exceeded. The default is 7,200,000 ms. |
| Time Resolution | Specify the time, in seconds, that you wish the SAR inspection to be engaged. The default is 60 seconds. |
| Log Monitor Settings | |
| Inspection Interval | Specify the frequency, in milliseconds, that you wish to monitor the log files. The default is 60,000 ms. |
| Monitored SYSLOG File Name | Specify a filename for the SYSLOG file. The default is /var/log/qradar.error. |
| Alert Size | Specify the maximum number of lines you wish to monitor from the log file. The default is 1000. |

Step 6 Click Save.
The System View appears.
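The Shutdown Threshold and Recovery Threshold described above form a dead band: once processes stop above 95% disk usage, they stay stopped until usage drops below 90%. The following model of that behaviour is an added illustration, not STRM code; the function and class names are hypothetical, and the strict comparisons at exactly 0.95 and 0.90 are assumptions.

```python
"""Model of the shutdown/recovery dead band from Table 5-3 (added example)."""
from dataclasses import dataclass

SHUTDOWN_THRESHOLD = 0.95  # documented default
RECOVERY_THRESHOLD = 0.90  # documented default


@dataclass
class Transition:
    sample: int   # index of the inspection that triggered the change
    usage: float  # disk usage fraction seen at that inspection
    action: str   # "stop" or "restart"


def simulate(usages, shutdown=SHUTDOWN_THRESHOLD, recovery=RECOVERY_THRESHOLD):
    """Replay disk-usage fractions, one per inspection interval.

    Returns (running, transitions), where running is the final process state.
    """
    if not 0.0 < recovery < shutdown <= 1.0:
        # Without a gap between the two values, processes would flap
        # on every small change in usage around the threshold.
        raise ValueError("need 0 < recovery < shutdown <= 1")
    running = True
    transitions = []
    for i, usage in enumerate(usages):
        if running and usage > shutdown:          # assumption: strictly above
            running = False
            transitions.append(Transition(i, usage, "stop"))
        elif not running and usage < recovery:    # assumption: strictly below
            running = True
            transitions.append(Transition(i, usage, "restart"))
    return running, transitions


# Constructed sample: usage passes 95%, hovers between 90% and 95%, then drops.
SAMPLE = [0.80, 0.93, 0.96, 0.94, 0.91, 0.90, 0.89, 0.93]

if __name__ == "__main__":
    state, events = simulate(SAMPLE)
    for e in events:
        print(f"inspection {e.sample}: usage {e.usage:.0%} -> {e.action}")
    print("processes running" if state else "processes stopped")
```

Every inspection between a "stop" and the following "restart" is a period in which all STRM Log Management processes are stopped, so the distance between the two thresholds determines how much disk must be freed before they restart.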
