Log Source Detection
JSA automatically detects log sources that send syslog messages to an Event Collector.
Log sources are detected when JSA receives a specific number of identifiable syslog messages. The traffic analysis component processes syslog messages, identifies the DSMs that are installed on the system, and then assigns the appropriate DSM to the log source. Automatically discovered log sources are displayed in the Log Sources window.
JSA might not automatically detect log sources that have low activity levels. You must add these devices manually.
DSMs are used to interpret log source data. To receive log source data, you must ensure that the correct DSMs are installed in JSA.
For more information about automatically detecting or manually adding log sources, see the Juniper Secure Analytics Configuring DSMs Guide.
Displaying Log Sources
A log source is any external device or system that is configured to either send events to your JSA system or to be collected by your JSA system. You can display the log sources that are automatically discovered.
- On the navigation menu, click Admin.
- On the navigation menu, click Data Sources.
- Click the Log Sources icon.
Results
Use the QRadar Use Case Manager app to visualize log source type coverage per rule. You can also use the app to identify gaps in rule coverage from content extensions.
Download the app at the IBM Security App Exchange.