[Junos WebApp Secure/Mykonos] How to integrate JWAS (Juniper WebappSecure aka Mykonos) with STRM

  [KB28095]


Summary:
This KB article describes how to integrate JWAS (Mykonos) with STRM for log/event management. JWAS is an abbreviation for Juniper WebappSecure.
Symptoms:
JWAS - STRM integration
Cause:

Solution:
Below are the steps to integrate JWAS with STRM for event management:

1. Download the latest DSM for Juniper WebAppSecure and install it on the STRM. To install the DSM, upload it to the /tmp directory of the STRM and run the command “rpm -Uvh <DSM_filename>”.

2. After the DSM installation, go to the STRM WebUI and click “Deploy Changes” under the Admin tab.

3. Configure JWAS to enable remote logging so that it sends events/logs to STRM. To do that, on the JWAS WebUI go to Configuration --> Logging --> Log Destinations and configure "Remote Logging".

[Screenshot: JWAS configured for two remote syslog servers]



4. Once JWAS starts sending the incidents, STRM auto-discovers the JWAS device/VM, and it shows up under “Log Sources” in the STRM WebUI.


5. Thereafter, the events are seen and properly associated with the DSM.




NOTE:
- If the DSM is not installed or is an older version, the device doesn’t get “auto-discovered”.
- If the device is manually added in “Log Sources”, the event shows up as “Unknown Log Event”. In that case, install the latest JWAS DSM on STRM.
- If the event is not seen in STRM, log in to the STRM as root and take a packet capture with the syntax below:
[root@strm2 ~]# tcpdump -i eth0 -w /tmp/jwas.cap host <jwas_ip>
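
To read the capture back and tell whether JWAS syslog actually reached the STRM, the helper below summarizes `tcpdump -nn -r /tmp/jwas.cap` text output. It is an added example, not part of the original KB; syslog on port 514, the function names and the 192.0.2.x addresses are assumptions.

```shell
#!/bin/bash
# Added example, not part of the KB. Assumptions: syslog uses port 514,
# and all addresses below are constructed documentation IPs.

# summarize_jwas_syslog JWAS_IP [PORT]
# Reads `tcpdump -nn` text on stdin and prints one verdict line:
#   NO_TRAFFIC  - nothing from JWAS reached this interface; recheck the JWAS
#                 "Remote Logging" destination and the network path.
#   NO_SYSLOG   - JWAS is reachable but sent nothing to the syslog port.
#   SYSLOG_SEEN - events arrive; if STRM still shows nothing or
#                 "Unknown Log Event", look at the DSM installation.
summarize_jwas_syslog() {
    awk -v ip="$1" -v port="${2:-514}" '
        # Split "a.b.c.d.port" (or a bare address) into address and port.
        function parse(ep, out,    p, n) {
            sub(/:$/, "", ep)
            n = split(ep, p, /\./)
            out["addr"] = p[1] "." p[2] "." p[3] "." p[4]
            out["port"] = (n == 5) ? p[5] : ""
        }
        $2 == "IP" && $4 == ">" {
            parse($3, src); parse($5, dst)
            if (src["addr"] != ip) next
            total++
            if (dst["port"] == port) syslog++
        }
        END {
            if (!total)       print "NO_TRAFFIC from " ip
            else if (!syslog) print "NO_SYSLOG from " ip " (" total " other packets)"
            else              print "SYSLOG_SEEN from " ip " (" syslog " packets to port " port ")"
        }'
}

# Constructed sample of `tcpdump -nn -r /tmp/jwas.cap` output.
sample_capture() {
    cat <<'EOF'
10:15:01.000001 IP 192.0.2.10.51514 > 192.0.2.20.514: SYSLOG local0.info, length: 212
10:15:02.000001 IP 192.0.2.10.51514 > 192.0.2.20.514: SYSLOG local0.info, length: 198
10:15:03.000001 IP 192.0.2.10.40022 > 192.0.2.20.22: Flags [S], seq 1, win 29200, length 0
10:15:04.000001 IP 192.0.2.30.51000 > 192.0.2.20.514: SYSLOG local1.warning, length: 90
EOF
}

sample_capture | summarize_jwas_syslog 192.0.2.10
```

On the STRM, feed it the real capture with `tcpdump -nn -r /tmp/jwas.cap | summarize_jwas_syslog <jwas_ip>`.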
