Adding Bulk Log Source by using the Log Sources Icon
You can add up to 500 log sources at one time. When you add multiple log sources at one time, you add a bulk log source in JSA. Bulk log sources must share a common configuration.
If you are using JSA 7.3.0 or earlier, you can add a log source in JSA by using the Log Sources icon.
If you are using JSA 7.3.1 to 7.3.3, you can also add a log source by using JSA Log Source Management app.
Click the Admin tab, click the Log Sources.
-
From the Bulk Actions list, select Bulk Add.
In the Bulk Log Sources window, configure the parameters for the bulk log source.
Select the Enabled check box to enable the log source. By default, this check box is selected.
Select the Coalescing Events check box to enable the log source to coalesce (bundle) events. Automatically discovered log sources use the default value that is configured in the Coalescing Events list in the System Settings window on the Admin tab. However, when you create a new log source or update the configuration for an automatically discovered log source, you can override the default value by configuring this check box for each log source. For more information, see theJuniper Secure Analytics Administration Guide.
Select the Store Event Payload check box to enable or disable JSA from storing the event payload. Automatically discovered log sources use the default value from the Store Event Payload list in the System Settings window on the Admin tab. When you create a new log source or update the configuration for an automatically discovered log source, you can override the default value by configuring this check box for each log source. For more information, see the Juniper Secure Analytics Administration Guide.
Upload the log sources by choosing one of the following methods:
File Upload - Upload a text file that has one host name or IP per line.
The text file must contain one IP address or host name per line. Extra characters after an IP address or host names longer than 255 characters can result in a value being bypassed from the text file. The file upload lists a summary of all IP address or host names that were added as the bulk log source.
Manual - Enter the host name or IP of the host that you want to add.
Click Add > Save.
Note:By default, a check box is selected for each log source in the host list. Clear the check box if you want the log source to be ignored. Duplicate host names or IP addresses are ignored.
Click Continue to add the log sources
On the Admin tab, click Deploy Changes.