Radware DefensePro
The Radware DefensePro DSM for JSA accepts events by using syslog. Event traps can also be mirrored to a syslog server.
Before you configure JSA to integrate with a Radware DefensePro device, you must configure your Radware DefensePro device to forward syslog events to JSA. You must configure the appropriate information by using the Device > Trap and SMTP option.
Any traps that are generated by the Radware device are mirrored to the specified syslog server. The current Radware Syslog server gives you the option to define the status and the event log server address.
You can also define more notification criteria, such as Facility and Severity, which are expressed by numerical values:
Facility is a user-defined value that indicates the type of device that is used by the sender. This criterion is applied when the device sends syslog messages. The default value is 21, meaning Local Use 6.
Severity indicates the importance or impact of the reported event. The Severity is determined dynamically by the device for each message sent.
In the Security Settings window, you must enable security reporting by using the connect and protect/security settings. You must enable security reports to syslog and configure the severity (syslog risk).
You are now ready to configure the log source in JSA.
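The Facility and Severity values described above are carried together in the PRI field at the start of every syslog message (PRI = facility × 8 + severity, per RFC 3164 and RFC 5424). The following Python script is an added example, not part of the Radware or JSA documentation: it decodes the PRI of captured lines and reports which ones carry the facility you configured on the device. The function names and the sample lines are constructed for illustration; only the PRI header is parsed, so no DefensePro message layout is assumed.

```python
import re
from collections import Counter

# Facility the page gives as the DefensePro default; change it if you set another.
EXPECTED_FACILITY = 21

# RFC 3164 / RFC 5424: a syslog message starts with "<PRI>", one to three digits.
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) from a raw syslog line, or None if invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:          # 23 * 8 + 7 is the largest valid PRI
        return None
    return divmod(pri, 8)  # PRI = facility * 8 + severity

def audit(lines, expected_facility=EXPECTED_FACILITY):
    """Group lines by whether their facility matches, counting severities."""
    report = {"matched": Counter(), "other_facility": [], "malformed": []}
    for n, line in enumerate(lines, 1):
        decoded = decode_pri(line)
        if decoded is None:
            report["malformed"].append(n)
        elif decoded[0] != expected_facility:
            report["other_facility"].append((n, decoded[0]))
        else:
            report["matched"][decoded[1]] += 1
    return report

# Constructed sample input (not real DefensePro output); only the PRI matters.
SAMPLE = [
    "<172>constructed sample event A",             # 21 * 8 + 4
    "<170>constructed sample event B",             # 21 * 8 + 2
    "<172>constructed sample event C",
    "<134>constructed event from another sender",  # 16 * 8 + 6
    "constructed line with no PRI header",
    "<999>constructed line with out-of-range PRI",
]

if __name__ == "__main__":
    r = audit(SAMPLE)
    print("matched by severity:", dict(r["matched"]))
    print("other facility (line, facility):", r["other_facility"])
    print("malformed lines:", r["malformed"])
```

Lines reported under `other_facility` or `malformed` indicate a sender or relay whose settings differ from what was configured on the device, which is worth resolving before you rely on the log source in JSA.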
Syslog Log Source Parameters for Radware DefensePro
If JSA does not automatically detect the log source, add a Radware DefensePro log source on the JSA Console by using the Syslog protocol.
When you use the Syslog protocol, you must set specific parameters.
The following table describes the parameters that require specific values to collect Syslog events from Radware DefensePro:
Parameter | Value |
---|---|
Log Source Type | Radware DefensePro |
Protocol Configuration | Syslog |
Log Source Identifier | Type the IP address or host name for the log source as an identifier for events from your Radware DefensePro installation. |