Juniper SECURITY THREAT RESPONSE MANAGER - LOG MANAGEMENT INSTALLATION REV 1, STRM Log Management Installation Manual
Security Threat Response Manager
STRM Log Management Installation
Guide
Release 2008.2 R2
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Part Number:530-027302-01, Revision 1
Copyright Notice
Copyright © 2008 Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper
Networks Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this
document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks
assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves
the right to change, modify, transfer, or otherwise revise this publication without notice.
FCC Statement
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A
digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and
used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential
area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense. The following
information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it
is not installed in accordance with NetScreen’s installation instructions, it may cause interference with radio and television reception. This equipment has
been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These
specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that
interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Consult the dealer or an experienced radio/TV
technician for help. Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.
Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device.
Disclaimer
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET
THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE
SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.
STRM Log Management Installation Guide
Release 2008.2 R2
Copyright © 2008, Juniper Networks, Inc.
All rights reserved. Printed in USA.
Revision History
September 2008—Revision 1
The information in this document is current as of the date listed in the revision history.
2
CONTENTS
ABOUT THIS GUIDE
Conventions 1
Technical Documentation 1
Contacting Customer Support 2
1 PREPARING FOR YOUR INSTALLATION
Deploying STRM-LM 3
Additional Hardware Requirements 4
Additional Software Requirements 4
Browser Support 4
Preparing Your Network Hierarchy 5
Identifying Network Settings 5
Identifying Security Monitoring Devices 6
2 INSTALLING STRM-LM
Setting Up Appliances 9
Installing Japanese Support 14
Accessing STRM-LM 15
A CHANGING NETWORK SETTINGS
Changing Network Settings in an All-in-One Console 17
Changing the Network Settings of a Console in a Multi-System Deployment 18
Changing the Network Settings of a Non-Console in a Multi-System Deployment 21
INDEX
Juniper
Networks
ABOUT THIS GUIDE
The STRM-LM Installation Guide provides you with information on setting up
STRM-LM. This guide assumes a working knowledge of networking and Linux
systems.
Conventions Table 1 lists conventions that are used throughout this guide.
Table 1 Icons
Icon Type Description
Information note Information that describes important features or
instructions.
Caution Information that alerts you to potential loss of
data or potential damage to an application,
system, device, or network.
Warning Information that alerts you to potential personal
injury.
Technical
Documentation
You can access technical documentation, technical notes, and release notes
directly from the Qmmunity web site at https://support@juniper.net. Once you
access the Qmmunity web site, locate the product and software release for which
you require documentation.
Your comments are important to us. Please send your e-mail comments about this
guide or any of the Juniper Networks documentation to:
documentation@juniper.net.
Include the following information with your comments:
• Document title
• Page number
STRM-LM Installation Guide
2 ABOUT THIS GUIDE
Contacting
Customer Support
To help you resolve any issues that you may encounter when installing or
maintaining STRM-LM, you can contact Customer Support as follows:
• Log a support request 24/7: https://support@juniper.net
For access to the Qmmunity web site, please contact Customer Support.
• Access Qmmunity and Self-Service support using e-mail: support@juniper.net
• Telephone assistance: 1.866.377.7000
STRM-LM Installation Guide
1
PREPARING FOR YOUR
I
NSTALLATION
This chapter provides information for when planning your STRM-LM deployment
including:
• Deploying STRM-LM
• Additional Hardware Requirements
• Additional Software Requirements
• Browser Support
• Preparing Your Network Hierarchy
• Identifying Network Settings
• Identifying Security Monitoring Devices
Your STRM-LM deployment may consist of STRM-LM installed on one or multiple
systems. You can also connect one or multiple STRM 1601system to your
STRM-LM system. For more information on appliances, see the Hardware
Installation Guide.
Deploying
STRM-LM
To ensure a successful STRM-LM deployment, adhere to the recommendations in
this document.
You can deploy STRM-LM using appliances or STRM-LM software installed on
your own hardware. A STRM-LM appliance includes STRM-LM software and a
CentOS-4 operating system. For further information on STRM appliances, see the
Hardware Installation Guide.
STRM-LM components that may exist in your deployment include:
Note: For more information on each STRM-LM component, see the STRM-LM
Administration Guide.
• Console - Provides the interface for STRM-LM. The Console is accessed from
a standard web browser. When you access the system, a prompt appears for a
user name and password, which is configured during the installation process.
You must also have Java installed. For information on software requirements,
see Additional Software Requirements.
STRM-LM Installation Guide
4 PREPARING FOR YOUR INSTALLATION
• Event Collector - The Event Collector gathers events from local and remote
device sources. The Event Collector normalizes events and sends the
information to the Event Processor. Before being sent to the Event Processor,
the Event Collector bundles identical events to conserve system usage.
• Event Processor - Processes events collected from one or more Event
Collector(s). Once received, the Event Processor correlates the information
from STRM-LM and distributes to the appropriate area, depending on the type
of event. Rules are applied to the events that allow the Event Processor to
process according to the configured rules.
Additional
Hardware
Requirements
Additional Software
Requirements
Before installing your STRM-LM systems, make sure you have access to the
additional hardware components:
• Monitor and keyboard or a serial console
• To make sure that your STRM-LM data is preserved during a power failure, we
highly recommend that all STRM-LM appliances or systems running STRM-LM
software storing data (such as, Consoles or Event Processors) be equipped
with a Uninterrupted Power Supply (UPS).
Before installing STRM-LM, make sure you have Java Runtime Environment
installed on your system. You can download Java version 1.5.0_15 at the following
web site: http://java.com/
Browser Support You must have a browser installed on your client system to access the STRM-LM
interface. STRM-LM supports the following web browsers:
- Microsoft Internet Explorer 6.0/7.0
- Firefox 2.0
Preparing Your
Network Hierarchy
STRM-LM uses the network hierarchy to understand your network traffic and
provide you with the ability to view network activity for your entire deployment.
STRM-LM supports any network hierarchy that can be defined by a range of IP
addresses. You can create your network based on many different variables,
including geographical or business units. For example, your network hierarchy
may include corporate IP address ranges (internal or external), physical
departments or areas, mails servers, and web servers.
Once you define the components you wish to add to your network hierarchy and
install STRM-LM, you can then configure the network hierarchy using the
STRM-LM interface. For each component you wish to add to your network
hierarchy, use the following table to indicate each component in your network map.
STRM-LM Installation Guide
Identifying Network Settings 5
At a minimum, we recommend that you define objects in the network hierarchy for:
• Internal/external Demilitarized zone (DMZ)
• VPN
• All internal IP address space (for example, 0.0.0.0/8)
• Proxy servers
• Network Address Translation (NAT) IP address range
• Server Network subnets
• Voice over IP (VoIP) subnets
Table 1- 1 Network Hierarchy
Description Name IP/CIDR Value Weight
Identifying Network
Settings
Identifying Security
Monitoring Devices
For more information, see the STRM-LM Administration Guide - Setting Up
STRM-LM, Creating Your Network Hierarchy.
Before you install STRM-LM, you must have the following information for each
system you wish to install:
• Hostname
• IP address
• Network Mask address
• Subnet Mask
• Default Gateway
• Primary DNS Server
• Secondary DNS Server (Optional)
• Public IP address for networks using Network Address Translation (NAT)
• E-mail Server
• NTP Server (Console only) or Time server
STRM-LM can collect and correlate events received from external sources such as
security equipment (for example, firewalls, VPNs, or IDSs) and host or application
security logs, such as, window logs. Device Support Modules (DSMs) allows you
to integrate STRM-LM with this external data.
STRM-LM Installation Guide
Loading...