When you configure Juniper Netscreen NSM integration to send log data to USM Anywhere, you can use the Juniper Netscreen NSM plugin to translate the raw log data into normalized events for analysis.
|Device type||Network and security manager|
Integrating Netscreen NSM
Integrating Netscreen NSM consists of
To configure a syslog host to use Netscreen NSM
On the Syslog configuration screen, click the Add icon to launch the Config dialog box for host configuration.
- Specify the hostname and port (514 for UDP, or 601 for TCP)
For each syslog host, specify
- any applicable traffic log entries or event log entries
the Security Facility responsible for classifying and sending messages to the syslog host for security-related actions
- the Standard Facility responsible for classifying and sending messages for events unrelated to security
transport protocol used for sending syslog messages (UDP or TCP)
- Click OK.
The WebTrends Firewall Suite allows customization of syslog reports to display the information you specify in a graphical format, such as that shown in the following illustration.
As of ScreenOS 6.3, the event log, traffic log, and IDP log formats follow the WebTrends Enhanced Format (WELF) log regulation. If backup for the logs is enabled, you can send logs to a maximum of four WebTrends servers.
To configure the security device to send syslog reports to a WebTrends syslog host
- Enable WebTrends reporting.
Specify the name of the WebTrends host and port on through which to send the syslog messages.
Note: If you are sending reports through a VPN tunnel, click Use Trust Zone Interface.
For plugin enablement information, see Manual Plugin Management.
Available Plugin Fields
The following plugin fields are important attributes extracted from the syslog message. The USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.
For troubleshooting, refer to the vendor documentation: