
Security Director stops seeing JSA as a log collector



Article ID: KB34099 | KB Last Updated: 19 Apr 2019 | Version: 2.0

This article describes a scenario where Security Director no longer sees Juniper Secure Analytics (JSA) as a Log Collector, so no logs are seen coming in. This occurs when the JSA administrator changes the self-signed certificates on the JSA without notifying the Junos Space / Security Director administrator.

There are no logs in the Security Director and JSA does not display as a Log Collector.


  • Space Network Management Platform 18.2R1
  • Security Director 18.2R1
  • Juniper Secure Analytics 7.3.1
  • JSA

The JSA administrator changed the self-signed certificates on the JSA without notifying the Junos Space / Security Director administrator. As a result, Security Director stops displaying logs in Monitor > Events & Logs > All Events, and the log collector does not show up in Administration > Logging Management > Logging Nodes.

From the server.log:

2019-03-29 15:07:39,624 ERROR [] (ajp-space-0050569e8336/ JBAS014134: EJB Invocation failed on component jnap.ecm.LogCollectorManagerEJB for method public abstract throws javax.ejb.EJBException: Connect to [/] failed: Connection refused (Connection refused)

In the Security Director interface where the JSA previously showed up as a log collector, a spinning wheel is seen.



The administrator of the JSA changed the default self-signed certificate on the JSA. Security Director still has the old certificate, which is no longer valid, so it can no longer connect to the JSA and run its AQL queries against it.

  1. Confirm with the JSA administrator if the self-signed certificate on the JSA has been changed. If so, run the following commands on the Junos Space node:

    [root@space-0050569e8336 server1]# mysql -u jboss -p$(grep mysql.jboss /etc/sysconfig/JunosSpace/pwd | awk -F= '{print $2}') ecm_db;
    mysql> delete from LogCollectorNode;
    Query OK, 1 row affected (0.00 sec)
    mysql> delete from LogCollectorCredential;
    Query OK, 1 row affected (0.00 sec)
  2. In the Security Director interface, go to:

    Administration > Logging Management > Logging Nodes  

  3. Re-add the JSA as a logging node using the admin/password and IP address of JSA. These values have not changed. 
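
A check the Junos Space / Security Director administrator could schedule to catch an unannounced JSA certificate change before logs go missing. This is an added example, not part of the Juniper article or of any Juniper tooling; it assumes the JSA presents its certificate on TCP 443, and the function names, the pin file and the 192.0.2.10 address are hypothetical.

```python
import hashlib
import json
import ssl
import tempfile
from pathlib import Path


def fingerprint(pem: str) -> str:
    """SHA-256 fingerprint of a PEM certificate, computed over its DER bytes."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def fetch_pem(host: str, port: int = 443) -> str:
    """Fetch the certificate the JSA presents. No chain validation is done,
    which is what lets this work with a self-signed certificate.
    Port 443 is an assumption; use the port your JSA console listens on."""
    return ssl.get_server_certificate((host, port))


def check_pin(store: Path, host: str, pem: str) -> str:
    """Compare pem with the fingerprint recorded for host.

    Returns 'pinned' the first time a host is seen, then 'unchanged' or
    'changed'. A changed pin is never overwritten automatically, so the alert
    repeats until an administrator re-adds the node and resets the pin."""
    pins = json.loads(store.read_text()) if store.exists() else {}
    current = fingerprint(pem)
    previous = pins.get(host)
    if previous is None:
        pins[host] = current
        store.write_text(json.dumps(pins, indent=2))
        return "pinned"
    return "unchanged" if previous == current else "changed"


# Constructed stand-ins for the old and new JSA certificates (placeholder
# bytes wrapped in PEM armour, not real certificates), so the demo runs offline.
OLD_PEM = ssl.DER_cert_to_PEM_cert(b"constructed: original JSA self-signed cert")
NEW_PEM = ssl.DER_cert_to_PEM_cert(b"constructed: replacement JSA self-signed cert")
JSA_HOST = "192.0.2.10"  # constructed documentation address


def demo() -> list:
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp) / "jsa_pins.json"
        return [check_pin(store, JSA_HOST, pem) for pem in (OLD_PEM, OLD_PEM, NEW_PEM)]


if __name__ == "__main__":
    print(demo())  # live use: check_pin(store, host, fetch_pem(host))
```

A "changed" result is the cue to confirm the change with the JSA administrator and then follow the re-add procedure above.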
