Juniper NSM log source parameters for Juniper Networks Network and Security Manager

If QRadar does not automatically detect the log source, add a Juniper Networks Network and Security Manager log source on the QRadar Console by using the Juniper NSM protocol.

When using the Juniper NSM protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Juniper NSM events from Juniper Networks Network and Security Manager:

Table 1. Juniper NSM log source parameters for the Juniper Networks Network and Security Manager DSM
Parameter	Value
Log Source Type	Juniper Networks Network and Security Manager
Protocol Configuration	Juniper NSM
Log Source Identifier	Type the IP address or host name for the log source. The Log Source Identifier must be unique for the log source type.
IP	Type the IP address or host name of the Juniper Networks NSM server.
Inbound Port	Type the Inbound Port to which the Juniper Networks NSM sends communications. The valid range is 0 - 65536. The default is 514.
Redirection Listen Port	Type the port to which traffic is forwarded. The valid range is 0 - 65,536. The default is 516.
Use NSM Address for Log Source	Select this check box to use the Juniper NSM management server IP address instead of the log source IP address. By default, the check box is selected.

Note: In the QRadar interface, the Juniper NSM protocol configuration provides the option to use the Juniper Networks NSM IP address by selecting the Use NSM Address for Log Source check box. If you wish to change the configuration to use the originating IP address (clear the check box), you must log in to your QRadar Console, as a root user, and restart the Console (for an all-in-one system) or the Event Collector hosting the log sources (in a distributed environment) by using the shutdown -r now command.

For a complete list of Juniper NSM parameters and their values, see c_logsource_NSMprotocol.html.