The media-manager object configuration enables syslog notifications when the Intrusion
Detection System (IDS) completes an action on an IP address. The available action for the event
might depend on your firmware version.
Procedure
-
Type the following command to list the firmware version for your Oracle
Acme Packet SBC installation:
(configure)# show ver
ACME Net-Net OSVM Firmware SCZ 6.3.9 MR-2 Patch 2 (Build 465) Build
Date=03/12/13
You may see underlined text which shows the major and minor version number for the firmware.
-
Type the following commands to configure the media-manager object:
(configure)# media-manager (media-manager)# (media-manager)# media-manager
(media-manager)# sel (media-manager-config)#
The sel command is used to select a single-instance of the media-manager
object.
-
Type the following command to enable syslog messages when an IP is demoted by the Intrusion
Detection System (IDS) to the denied queue.
(media-manager-config)# syslog-on-demote-to-deny enabled
-
For firmware version C6.3.0 and later, type the following command to
enable syslog message when sessions are rejected.
(media-manager-config)# syslog-on-call-reject enabled
-
For firmware version C6.4.0 and later, type the following command to
enable syslog messages when an IP is demoted to the untrusted queue
(media-manager-config)# syslog-on-demote-to-untrusted enabled
-
Type the following commands to return to configuration mode:
(media-manager-config)# done (media-manager-config)# exit (media-manager)# exit
(configure)# exit
-
Type the following commands to save and activate the configuration:
# save Save complete # activate
-
Type reboot to restart your Oracle Acme Packet SBC installation.
After the system restarts, events are forwarded to IBM
QRadar and displayed on the
Log Activity tab.