Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring Epic SIEM 2014 to Communicate with JSA

To collect syslog events from Epic SIEM 2014, you must add an external syslog server for the JSA host.

  1. If all web services are not enabled for your instance of Interconnect, complete the following steps to run the required SendSIEMSyslogAudit service:

    1. To access the Interconnect Configuration Editor, click Start >Epic 2014 >Interconnect >your_instance >Configuration Editor.

    2. In the Configuration Editor, select the Business Services form.

    3. On the Service Category tab, click SendSIEMSyslogAudit.

    4. Click Save

  2. Log in to your Epic server.
  3. Click Epic System Definitions (%ZeUSTBL) >Security >Auditing Options >SIEM Syslog Settings >SIEM Syslog Configuration.
  4. Use the following table to configure the parameters:

    Parameter

    Description

    SIEM Host

    The host name or IP address of the JSA appliance.

    SIEM Port

    514

    SIEM Format

    LEEF (Log Event Extended Format).
  5. From the SIEM Syslog Settings menu, click SIEM Syslog and set it to enabled.

    The SIEM Syslog Sending daemon is automatically started when the environment is set to runlevel Up or when you enable SIEM Syslog.

  6. If you want to stop the daemon, from the SIEM Syslog Settings menu, click SIEM Syslog and set it to disabled.
    Note:

    If you stop the daemon when the syslog setting is enabled, the system continues to log data without purging. If you want to stop the daemon when the syslog setting is enabled, contact your Epic representative or your system administrator.

Related Documentation