
Add Security Director Insights as a Log Collector

 

To use the log collector functionality that comes along with the Security Director Insights installation, add the IP address of the Security Director Insights virtual machine (VM) as a log collector.

Note

After you upgrade to Log Collector 21.3, you can access historical logs from the legacy log collector (Log Collector 20.1) by switching between both log collectors. You can add both the legacy log collector node and the Security Director Insights VM on the Logging Nodes page in Security Director. We've added read-only log collector support to enable you to view existing data in the event viewer. For details, see Security Director Release Notes.

Before you add the log collector node in the GUI, you must set the administrator password. By default, the Security Director log collector is disabled. You must first enable it and then set the administrator password.

To enable the log collector and configure the administrator password:

  1. Go to the Security Director Insights CLI.

    # ssh admin@${security-director-insights_ip}

  2. Enter the application configuration mode.

    user:Core# applications

  3. Enable Security Director log collector.

    user:Core#(applications)# set log-collector enable on

  4. Configure the administrator password.

    user:Core#(applications)# set log-collector password

    Enter the new password for SD Log Collector access:

    Retype the new password:

    Successfully changed password for SD Log Collector database access

Table 1 below lists the required specifications for deploying Security Director Insights as a log collector for various events per second (eps) rates.

Table 1: Specifications

| Setup (eps) | CPU | Memory |
|-------------|-----|--------|
| 5k          | 4   | 16     |
| 10k         | 8   | 16     |
| 15k         | 8   | 24     |
| 25k         | 16  | 32     |

To add the Security Director Insights VM IP address as a log collector node:

  1. From the Security Director user interface, select Administration > Logging Management > Logging Nodes, and click the plus sign (+).

    The Add Logging Node page appears.

  2. Choose the Log Collector type as Security Director Log Collector.
  3. Click Next.

    The Add Collector Node page appears.

  4. In the Node Name field, enter a unique name for the log collector.
  5. In the IP Address field, enter the IP address of the Security Director Insights VM.

    The IP address used in the Deploy OVF Template page must be used in the Add Collector Node page, as shown in Figure 1 and Figure 2.

    Figure 1: Deploy OVF Template Page
    Figure 2: Add Logging Node Page
  6. In the User Name field, enter the username of the Security Director Insights VM.
  7. In the Password field, enter the password of the Security Director Insights VM.
  8. Click Next.

    The certificate details are displayed.

  9. Click Finish and then click OK to add the newly created Logging Node.
  10. After you add Security Director Insights as a log collector, enable the following options in Junos Space:
    1. Log in to Junos Space.
    2. Select Administration > Applications.
    3. Right-click Log Director and select Modify Application Settings.
    4. Enable the following options:
      • Enable SDI Log Collector Query Format

      • Integrated Log Collector on Space Server

Note
  • The log collector in Security Director Insights supports 25K events per second (eps).

  • Disable the raw log:

      user:Core#(applications)# set log-collector raw-log off

  • Make sure that the SRX Series device configuration points to the corresponding SDI log collector.