Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

IBM Network Security (XGS)

The IBM Network Security (XGS) DSM accepts events by using the Log Event Extended Protocol (LEEF), which enables JSA to record all relevant events.

The following table identifies the specifications for the IBM Network Security (XGS) DSM:

Table 1: IBM Network Security (XGS) Specifications

Specification

Value

Manufacturer

IBM

DSM

Network Security (XGS)

RPM file name

  

Supported versions

v5.0 with fixpack 7 to v5.4

Protocol

syslog (LEEF)

JSA recorded events

All relevant system, access, and security events

Automatically discovered

Yes

Includes identity

No

More information

https://support.juniper.net/support/downloads/

Before you configure an Network Security (XGS) appliance in JSA, you must configure remote syslog alerts for your IBM Network Security (XGS) rules or policies to forward events to JSA.

Configuring IBM Network Security (XGS) Alerts

All event types are sent to JSA by using a remote syslog alert object that is LEEF enabled.

Remote syslog alert objects can be created, edited, and deleted from each context in which an event is generated. Log in to the Network Security (XGS) local management interface as admin to configure a remote syslog alert object, and go to one of the following menus:

  • Manage >System Settings >System Alerts (System events)

  • Secure >Network Access Policy (Access events)

  • Secure >IPS Event Filter Policy (Security events)

  • Secure >Intrusion Prevention Policy (Security events)

  • Secure >Network Access Policy >Inspection >Intrusion Prevention Policy

In the IPS Objects, the Network Objects pane, or the System Alerts page, complete the following steps.

  1. Click New >Alert >Remote Syslog.

  2. Select an existing remote syslog alert object, and then click Edit.

  3. Configure the following options:

    Table 2: Syslog Configuration Parameters

    Option

    Description

    Name

    Type a name for the syslog alert configuration.

    Remote Syslog Collector

    Type the IP address of your JSA console or Event Collector.

    Remote Syslog Collector Port

    Type 514 for the Remote Syslog Collector Port.

    Remote LEEF Enabled

    Select this check box to enable LEEF formatted events. This is a required field.

    If you do not see this option, verify that you have software version 5.0 and fixpack 7 installed on your IBM Network Security appliance.

    Comment

    Typing a comment for the syslog configuration is optional.

  4. Click Save Configuration.

    The alert is added to the Available Objects list.

  5. To update your IBM Network Security (XGS) appliance, click Deploy.

  6. Add the LEEF alert object for JSA to the following locations:

    • One or more rules in a policy

    • Added Objects pane on the System Alerts page

  7. Click Deploy

    For more information about the Network Security (XGS) device, click Help in the Network Security (XGS) local management interface browser client window or access the online Network Security (XGS) documentation.

Syslog Log Source Parameters for IBM Network Security XGS

If JSA does not automatically detect the log source, add an IBM Network Security XGS log source on the JSA Console by using the Syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Syslog events from IBM Network Security XGS:

Table 3: Syslog Log Source Parameters for the IBM Network Security XGS DSM

Parameter

Value

Log Source Name

Type a name for your log source.

Log Source type

IBM Network Security XGS

Protocol Configuration

Syslog

Log Source Identifier

Type the IP address or host name for the log source as an identifier for events from your IBM Network Security XGS.