Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Register now
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation
JSA3800JSA5800JSA7500JSA7800JSA Series Virtual Appliance
JSA3800 Juniper Secure Analytics Administration Guide Configuring JSA to Forward Data to Other Systems

Juniper Secure Analytics Administration Guide

keyboard_arrow_up
close
keyboard_arrow_left
Juniper Secure Analytics Administration Guide
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
keyboard_arrow_right

Configuring Routing Rules to Forward Data

date_range 28-Apr-22
arrow_backward
arrow_forward

Forward data by configuring filter-based routing rules.

You can configure routing rules to forward data in either online or offline mode:

  • In Online mode, your data remains current because forwarding is done in real time. If the forwarding destination becomes unreachable, any data that is sent to that destination is not delivered, resulting in missing data on that remote system. To ensure that delivery is successful, use offline mode.

  • In Offline mode, all data is first stored in the database and then sent to the forwarding destination. This mode ensures that no data is lost; however, delays in data forwarding can occur.

  1. On the navigation menu (), click Admin.
  2. In the System Configuration section, click Routing Rules.
  3. On the toolbar, click Add.
  4. In the Routing Rule window, type a name and description for your routing rule.
  5. In the Mode field, select one of the following options: Online or Offline.
  6. In the Forwarding Event Collector or Forwarding Event Processor list, select the event collector from which you want to forward data.

    Learn more about the forwarding appliance:

    • Forwarding Event Collector - Specifies the Event Collector that you want this routing rule to process data from. This option displays when you select the Online option.

      Note:

      Online/Realtime forwarding is not impacted by any Rate Limit or Scheduling configurations that might be configured on a Store and Forward event collectors.

    • Forwarding Event Processor - Specifies the Event Processor that you want this routing rule to process data from. This option is displayed when you select the Offline option.

      Note:

      This option is not available if Drop is selected from the Routing Options pane.

  7. In the Data Source field, select which data source you want to route: Events or Flows.

    The labels for the next section change based on which data source you select.

  8. Specify which events or flows to forward by applying filters:

    1. To forward all incoming data, select the Match All Incoming Events or Match All Incoming Flows checkbox.

      Note:

      If you select this checkbox, you cannot add a filter.

    2. To forward only some events or flows, specify the filter criteria, and then click Add Filter.

  9. Specify the routing options to apply to the forwarded data:

    1. Optional: If you want to edit, add, or delete a forwarding destination, click the Manage Destinations link.

    2. To forward log data that matches the specified filters, select the Forward checkbox and then select the checkbox for each forwarding destination.

      Note:

      If you select the Forward check box, you can select only one of these check boxes: Drop, Bypass Correlation, or Log Only.

  10. Click Save.

Routing options for rules

You can choose from four rule routing options: Forward, Drop, Bypass correlation, and Log Only. The following table describes the different options and how to use them.

Table 1: Rule Routing Options

Routing type

Description

Forward

Data is forwarded to the specified forwarding destination. Data is also stored in the database and processed by the Custom Rules Engine (CRE).

Drop

Data is dropped. The data is not stored in the database and is not processed by the CRE. This option is not available if you select the Offline option. Any events that are dropped are credited back 100% to the license.

Bypass Correlation

Data bypasses CRE, but it is stored in the database. This option is not available if you select the Offline option.

The Bypass correlation option does not require an entitlement for JSA Data Store. Bypass correlation allows events that are received in batches to bypass real-time rules. You can use the events in analytic apps and for historical correlation runs. For historical correlation runs, the events can be replayed as though they were received in real time.

Log Only (Exclude Analytics)

Events are stored and flagged in the database as Log Only and bypass CRE. These events are not available for historical correlation, and are credited back 100% to the license. This option is not available for flows or if you select the Offline option.

The Log Only option requires an entitlement for JSA Data Store. After the entitlement is purchased and the Log Only option is selected, events that match the routing rule are stored to disk and are available to view and for searches. The events bypass the custom rule engine and no real-time correlation or analytics occur. The events can't contribute to offenses and are ignored when historical correlation runs.

The following table describes different routing option combinations that you can use. These options are not available in offline mode.

Table 2: Rule Routing Combination Options

Routing combination

Description

Forward and Drop

Data is forwarded to the specified forwarding destination. Data is not stored in the database and is not processed by the CRE. Any events that are dropped are credited back 100% to the license.

Forward and Bypass Correlation

Data is forwarded to the specified forwarding destination. Data is stored in the database, but it is not processed by the CRE.

Forward and Log Only (Exclude Analytics)

Events are forwarded to the specified forwarding destination. Events are stored and flagged in the database as Log Only and bypass CRE. These events are not available for historical correlation, and are credited back 100% to the license.

If data matches multiple rules, the safest routing option is applied. For example, if data that matches a rule that is configured to drop and a rule to bypass CRE processing, the data is not dropped. Instead, the data bypasses the CRE and is stored in the database.

Related Documentation

arrow_backward PREVIOUS Configuring Forwarding Profiles
NEXT arrow_forward Using Custom Rules and Rule Responses to Forward Data
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top