Juniper SECURITY THREAT RESPONSE MANAGER - LOG MANAGEMENT INSTALLATION REV 1, Installation Manual

Page 1: ...orks Inc 1194 North Mathilda Avenue Sunnyvale CA 94089 USA 408 745 2000 www juniper net Part Number 530 027302 01 Revision 1 Security Threat Response Manager STRM Log Management Installation Guide Release 2008 2 R2 ...

Page 2: ... radio frequency energy If it is not installed in accordance with NetScreen s installation instructions it may cause interference with radio and television reception This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules These specifications are designed to provide reasonable protection again...

Page 3: ...paring Your Network Hierarchy 5 Identifying Network Settings 5 Identifying Security Monitoring Devices 6 2 INSTALLING STRM LM Setting Up Appliances 9 Installing Japanese Support 14 Accessing STRM LM 15 A CHANGING NETWORK SETTINGS Changing Network Settings in an All in One Console 17 Changing the Network Settings of a Console in a Multi System Deployment 18 Changing the Network Settings of a Non Co...

Page 4: ......

Page 5: ...ce you access the Qmmunity web site locate the product and software release for which you require documentation Your comments are important to us Please send your e mail comments about this guide or any of the Juniper Networks documentation to documentation juniper net Include the following information with your comments Document title Page number Table 1 Icons Icon Type Description Information no...

Page 6: ...counter when installing or maintaining STRM LM you can contact Customer Support as follows Log a support request 24 7 https support juniper net For access to the Qmmunity web site please contact Customer Support Access Qmmunity and Self Service support using e mail support juniper net Telephone assistance 1 866 377 7000 ...

Page 7: ... LM deployment adhere to the recommendations in this document Deploying STRM LM You can deploy STRM LM using appliances or STRM LM software installed on your own hardware A STRM LM appliance includes STRM LM software and a CentOS 4 operating system For further information on STRM appliances see the Hardware Installation Guide STRM LM components that may exist in your deployment include Note For mo...

Page 8: ...d with a Uninterrupted Power Supply UPS Additional Software Requirements Before installing STRM LM make sure you have Java Runtime Environment installed on your system You can download Java version 1 5 0_15 at the following web site http java com Browser Support You must have a browser installed on your client system to access the STRM LM interface STRM LM supports the following web browsers Micro...

Page 9: ...STRM LM you must have the following information for each system you wish to install Hostname IP address Network Mask address Subnet Mask Default Gateway Primary DNS Server Secondary DNS Server Optional Public IP address for networks using Network Address Translation NAT E mail Server NTP Server Console only or Time server Identifying Security Monitoring Devices STRM LM can collect and correlate ev...

Page 10: ... VPN devices Record the primary application of the host system for example e mail anit virus domain controller or a workstation Msg Level indicates the message level you wish to log For example critical informational debug No of Users indicates the maximum number of hosts users using or being served by tis device Network Location indicates whether this device is located on the Internet DMZ Intrane...

Page 11: ...STRM LM Installation Guide Identifying Security Monitoring Devices 7 ...

Page 12: ......

Page 13: ...e see the Hardware Installation Guide Step 2 Choose one of the following options a Connect a laptop to the serial port on the rear of the appliance Note When using a laptop to connect to the system you must use a terminal program such as HyperTerminal to connect to the system Be sure to set Connect Using to the appropriate COM port of the serial connector and Bits per second to 9600 You must also ...

Page 14: ...it four part separated by hyphens alphanumeric string that you receive from Juniper Networks The letter I and the number 1 one are treated the same as are the letter O and the number 0 zero You can find the activation key Printed on a sticker and physically placed on your appliance Included with the packing slip all appliances are listed along with their associated keys Step 6 Enter your activatio...

Page 15: ...t the Next option Press Enter The Enter Time Server window appears Go to Step 10 Step 9 To manually enter the time and date a Enter the current date and time b Using the left right arrow keys select Next Press Enter c Go to Step 11 Step 10 To specify a time server a In the text field enter the time server name or IP address b Using the left right arrow keys select Next Press Enter The Time Zone Co...

Page 16: ...ddress of the system Network Mask Specify the network mask address for the system Gateway Specify the default gateway of the system Primary DNS Specify the primary DNS server Secondary DNS Optional Specify the secondary DNS server Public IP Optional Specify the Public IP address of the server This is a secondary IP address that is used to access the server usually from a different network or the I...

Page 17: ...ot Password window appears c Re enter your new password to confirm d Use the TAB key to move to the Finish option Press Enter A series of messages appear as STRM LM continues with the installation This process typically takes several minutes The Configuration is Complete window appears Step 14 Press Enter to select OK You are now ready to access STRM LM For more information see Accessing STRM LM ...

Page 18: ...at the appropriate font and characters appear in the Reports interface Note To display reports in PDF format Adobe Acrobat may require the installation of a Japanese plug in to view your reports For more information see your Adobe documentation To install the Japanese plug in on a STRM LM appliance Step 1 Set up STRM LM Step 2 Go to the Qmmunity web site to download the plug in https support junip...

Page 19: ...ress is the IP address of the STRM LM system The default values are Username admin Password root password Where root password is the password assigned to STRM LM during the installation process Step 3 Click Login To STRM For your STRM LM Console a default key provides you access to STRM LM for five weeks For more information on the license key see the STRM LM Administration Guide ...

Page 20: ...STRM LM Installation Guide 16 INSTALLING STRM LM ...

Page 21: ...u must have a local connection to your Console before executing the script Step 1 Log in to the Console as root Step 2 Enter the following command qchange_netsetup The Configure STRM LM window appears Step 3 Using the up down arrow keys to navigate the fields change the necessary parameters Hostname Specify a fully qualified domain name as the system hostname IP Address Specify the IP address of t...

Page 22: ...tings re add the managed host s and then re assign the component s You must perform this procedure in the following order Removing Non Console Managed Hosts Changing the Network Settings Re Adding Managed Host s and Re Assigning the Components Note This procedure requires you to use the Deployment Editor For more information on using the Deployment Editor see the STRM LM Administration Guide Remov...

Page 23: ...ss of the system Netmask Specify the network mask address for the system Gateway Specify the default gateway of the system Primary DNS Specify the primary DNS server Secondary DNS Optional Specify the secondary DNS server Public IP Optional Specify the Public IP address of the server This is a secondary IP address that is used to access the server usually from a different network or the Internet a...

Page 24: ...rd of the host Specify the root password for the host Confirm the root password of the host Specify the password again for confirmation Step 5 Click Next Step 6 Click Finish Step 7 Re assign all components to your non Console managed host a In the STRM LM Deployment Editor click the Flow View or Event View tab b Select the component you wish to re assign to the managed host c From the menu select ...

Page 25: ...e Removing the Non Console Managed Host To remove non Console managed host from your deployment you must Step 1 Log in to STRM LM https IP Address Where IP Address is the IP address of the STRM LM system Username admin Password root password Where root password is the password assigned to STRM LM during the installation process Step 2 In the main STRM LM Interface click Config Step 3 In the main S...

Page 26: ...by your network administrator This Public IP address is often configured using Network Address Translation NAT services on your network or firewall settings on your network NAT translates an IP address in one network to a different IP address in another network Email Server Specify the email server If you do not have an email server specify localhost in this field Step 4 Use the TAB key to move to...

Page 27: ...inish Step 7 Re assign all components to your non Console managed host a In the STRM LM Deployment Editor click the Flow View or Event View tab b Select the component you wish to re assign to the managed host c From the menu select Actions Assign Note You can also use the right mouse button right click to access the Actions menu items The Assign Component wizard appears d From a Select a host drop...

Page 28: ......

Page 29: ...ns 1 customer support contacting 2 E Event Collector definition 4 Event Processor definition 4 I installing Japanese support 14 preparing 3 J Japanese support 14 N network hierarchy preparing 5 network settings identifying 5 P preparing 3 R requirements hardware 4 S security monitoring devices identifying 6 software requirements 4 ...

Page 30: ......