Enabling syslog settings on the media manager object

The media-manager object configuration enables syslog notifications when the Intrusion Detection System (IDS) completes an action on an IP address. The available action for the event might depend on your firmware version.

Procedure

  1. Type the following command to list the firmware version for your Oracle Acme Packet SBC installation:

    (configure)# show ver

    ACME Net-Net OSVM Firmware SCZ 6.3.9 MR-2 Patch 2 (Build 465) Build Date=03/12/13

    You may see underlined text which shows the major and minor version number for the firmware.

  2. Type the following commands to configure the media-manager object:

    (configure)# media-manager (media-manager)# (media-manager)# media-manager (media-manager)# sel (media-manager-config)#

    The sel command is used to select a single-instance of the media-manager object.

  3. Type the following command to enable syslog messages when an IP is demoted by the Intrusion Detection System (IDS) to the denied queue.

    (media-manager-config)# syslog-on-demote-to-deny enabled

  4. For firmware version C6.3.0 and later, type the following command to enable syslog message when sessions are rejected.

    (media-manager-config)# syslog-on-call-reject enabled

  5. For firmware version C6.4.0 and later, type the following command to enable syslog messages when an IP is demoted to the untrusted queue

    (media-manager-config)# syslog-on-demote-to-untrusted enabled

  6. Type the following commands to return to configuration mode:

    (media-manager-config)# done (media-manager-config)# exit (media-manager)# exit (configure)# exit

  7. Type the following commands to save and activate the configuration:

    # save Save complete # activate

  8. Type reboot to restart your Oracle Acme Packet SBC installation.

    After the system restarts, events are forwarded to IBM QRadar and displayed on the Log Activity tab.