Configuring SysFlow agent to communicate with JSA

To forward events to JSA, you must install a SysFlow collector by using an OpenShift or Kubernetes cluster.

The SysFlow installation uses the OpenShift or Kubernetes operator. The operator uses custom resources to manage the SysFlow agent and its associated components. This installation deploys the operator pod and then applies custom resources. When the custom resources are created, the operator deploys SysFlow agent pods to all worker nodes in the cluster. During the installation process, the OpenShift or Kubernetes cluster downloads container images from the Internet.

  1. Use SSH to log in as administrator to the master node of your OpenShift or Kubernetes cluster.
  2. Download the SysFlow installation package and then extract the files.
  3. Go to the sf-operator root folder of the extracted installation package, and then go to the scripts/run directory.
  4. To run the script, type the following command:

    cd scripts/run/

  5. To deploy the operator, type the following command:

    ./deployOperator.sh

  6. To deploy the SysFlow agent, type the following command:

    ./applyCR.sh <JSA_Console_IP_address> 514 tcp

If JSA does not automatically detect the log source, add a SysFlow log source on the JSA Console.
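A pre-flight check that can be run on the node before step 6, as an added example that is not part of the SysFlow package or this procedure: it validates the address and port that will be passed to `./applyCR.sh` and confirms that the JSA Console accepts TCP connections on that port. The function names, the IPv4-only address check and the 3-second timeout are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: checks the values for ./applyCR.sh <JSA_Console_IP_address> 514 tcp
# Function names, IPv4-only validation and the timeout are assumptions.

# Succeeds if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    local addr octet count
    addr=$1; count=0
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    while [ -n "$addr" ]; do
        octet=${addr%%.*}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case "$addr" in *.*) addr=${addr#*.} ;; *) addr= ;; esac
    done
    [ "$count" -eq 4 ]
}

# Succeeds if $1 is a decimal port number in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeeds if a TCP connection to host $1, port $2 opens within 3 seconds.
# Uses bash's /dev/tcp redirection and coreutils timeout.
tcp_reachable() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Returns 0 when the arguments are valid and the port answers,
# 2 on a malformed argument, 1 when the connection cannot be opened.
preflight() {
    local ip port proto
    ip=$1; port=${2:-514}; proto=${3:-tcp}
    valid_ipv4 "$ip"   || { echo "not an IPv4 address: $ip" >&2; return 2; }
    valid_port "$port" || { echo "not a valid port: $port" >&2; return 2; }
    [ "$proto" = tcp ] || { echo "only tcp is probed here: $proto" >&2; return 2; }
    tcp_reachable "$ip" "$port" ||
        { echo "cannot connect to $ip:$port/tcp" >&2; return 1; }
    echo "OK: ./applyCR.sh $ip $port $proto"
}

# Run the check only when arguments are supplied on the command line.
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

A return code of 1 means the address and port are well formed but the connection could not be opened, which points to routing or firewall rules between the cluster and the JSA Console.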