Juniper Networks AVT

The Juniper Networks Application Volume Tracking (AVT) DSM for IBM® QRadar® accepts events by using the Java™ Database Connectivity (JDBC) protocol.

About this task

QRadar records all relevant events. To integrate with Juniper Networks NSM AVT data, you must create a view in the database on the Juniper Networks NSM server. You must also configure the Postgres database configuration on the Juniper Networks NSM server to allow connections to the database since, by default, only local connections are allowed.

Note: This procedure is provided as a guideline. For specific instructions, see your vendor documentation.

Procedure

  1. Log in to your Juniper Networks AVT device command-line interface (CLI).
  2. Open the following file:

    /var/netscreen/DevSvr/pgsql/data/pg_hba.conf

  3. Add the following line to the end of the file:

    host all all <IP address>/32 trust

    Where: <IP address> is the IP address of your QRadar Console or Event Collector that you want to connect to the database.

  4. Reload the Postgres service:

    su - nsm -c "pg_ctl reload -D /var/netscreen/DevSvr/pgsql/data"

  5. As the Juniper Networks NSM user, create the view by using the following input:

    CREATE VIEW strm_avt_view AS
    SELECT a.name, a.category, v.srcip, v.dstip, v.dstport, v."last",
           u.name AS userinfo, v.id, v.device, v.vlan, v.sessionid,
           v.bytecnt, v.pktcnt, v."first"
    FROM avt_part v
    JOIN app a ON v.app = a.id
    JOIN userinfo u ON v.userinfo = u.id;

    The view is created.

    You are now ready to configure the log source in QRadar.
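
An added check for the line from step 3, not part of the vendor procedure: `trust` lets the listed address connect without a password, so this function (hypothetical name `audit_pg_hba`) lists every non-loopback `trust` rule in a pg_hba.conf file and flags any rule that is wider than a single host. The sample file and the 192.0.2.10 address are constructed.

```sh
#!/bin/sh
# Added example: list non-loopback "trust" rules in a pg_hba.conf file.
# Each hit is tagged SINGLE-HOST (/32, /128 or a 255.255.255.255 mask) or BROAD.
audit_pg_hba() {
    awk '
    /^[ \t]*#/ { next }                          # skip comment lines
    $1 ~ /^host(ssl|nossl)?$/ {                  # "local" socket rules are ignored
        # Two layouts: "type db user addr/len method" or "type db user addr mask method"
        if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { addr = $4 " " $5; method = $6 }
        else                                         { addr = $4;        method = $5 }
        if (method != "trust") next
        if (addr == "127.0.0.1/32" || addr == "::1/128") next
        if (addr ~ /:/) single = (addr ~ /\/128$/)   # IPv6: only /128 is one host
        else single = (addr ~ /\/32$/ || addr ~ / 255\.255\.255\.255$/)
        # Host names and keywords such as "all" fall through to BROAD on purpose.
        printf "%s line %d: %s\n", (single ? "SINGLE-HOST" : "BROAD"), NR, $0
    }' "$1"
}

# Constructed sample; 192.0.2.10 stands in for the QRadar address from step 3.
sample=$(mktemp)
cat > "$sample" <<'EOF'
local   all  all                               trust
host    all  all  127.0.0.1/32                 trust
host    all  all  192.0.2.10/32                trust
host    all  all  192.0.2.0/24                 trust
host    all  all  198.51.100.7 255.255.255.255 md5
EOF
audit_pg_hba "$sample"
rm -f "$sample"
```

On the NSM server, pass the function the path from step 2; any BROAD line means more than the one QRadar host can reach the database without a password.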