The Extreme stackable and stand-alone switches DSM for IBM QRadar accepts events by using syslog.
About this task
QRadar records all relevant events. Before you configure an Extreme stackable and stand-alone switches device in QRadar, you must configure your device to forward syslog events.
To configure the device to forward syslog events to QRadar:
Procedure
- Log in to the Extreme stackable and stand-alone switch device.
- Type the following command:
set logging server <index> [ip-addr <IP address>] [facility <facility>] [severity <severity>] [descr <description>] [port <port>] [state <enable | disable>]
Where:
- <index> is the server table index number (1 - 8) for this server.
- <IP address> is the IP address of the server to which you want to send syslog messages. You do not have to enter an IP address. If you do not define an IP address, an entry in the Syslog server table is created with the specified index number, and a message is displayed indicating that there is no assigned IP address.
- <facility> is a syslog facility. Valid values are local0 to local7. You do
not have to enter a facility value. If the value is not specified, the default value that is
configured with the set logging default command is applied.
- <description> is a description of the facility/server. You do not have to
enter a description.
- <port> is the default UDP port that the client uses to send messages to
the server. If not specified, the default value that is configured with the set
logging default command is applied. You do not have to enter a port value.
- <enable | disable> enables or disables this facility/server configuration.
You do not have to choose an option. If the state is not specified, it does not default to either
enable or disable.
- <severity> is the severity level at which the server logs messages. The valid range is 1 - 8. If not specified, the default value that is configured with the set logging default command is applied. You do not have to input a severity value. The following are valid values:
- 1: Emergencies (system is unusable)
- 2: Alerts (immediate action needed)
- 3: Critical conditions
- 4: Error conditions
- 5: Warning conditions
- 6: Notifications (significant conditions)
- 7: Informational messages
- 8: Debugging messages
- You are now ready to configure the log source in QRadar.
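The following Python helper is an added example, not IBM or Extreme code. It renders the set logging server command from the parameters described above, rejects values outside the documented ranges, and warns about the two omissions that leave an entry unable to forward events: no IP address and no state. The function name, the single-token rule for descr, and the sample values (192.0.2.10, local4, port 514) are assumptions.

```python
import ipaddress

FACILITIES = {f"local{n}" for n in range(8)}   # local0 to local7
STATES = ("enable", "disable")


def build_logging_server_cmd(index, ip_addr=None, facility=None, severity=None,
                             descr=None, port=None, state=None):
    """Return (command, warnings) for one syslog server table entry."""
    if not 1 <= index <= 8:
        raise ValueError("index must be 1 - 8")
    parts, warnings = ["set logging server", str(index)], []
    if ip_addr is None:
        warnings.append("no ip-addr: the entry is created without a server address")
    else:
        ipaddress.ip_address(ip_addr)          # ValueError on a malformed address
        parts += ["ip-addr", ip_addr]
    if facility is not None:
        if facility not in FACILITIES:
            raise ValueError("facility must be local0 to local7")
        parts += ["facility", facility]
    if severity is not None:
        if not 1 <= severity <= 8:
            raise ValueError("severity must be 1 - 8")
        parts += ["severity", str(severity)]
    if descr is not None:
        # Assumption: a single token; the page gives no quoting rules.
        if not descr or any(c.isspace() for c in descr):
            raise ValueError("descr must be one token without whitespace")
        parts += ["descr", descr]
    if port is not None:
        if not 1 <= port <= 65535:
            raise ValueError("port must be 1 - 65535")
        parts += ["port", str(port)]
    if state is None:
        warnings.append("no state: it does not default to enable or disable")
    elif state not in STATES:
        raise ValueError("state must be enable or disable")
    else:
        parts += ["state", state]
    return " ".join(parts), warnings


if __name__ == "__main__":
    # Constructed values: 192.0.2.10 is a documentation address standing in for QRadar.
    cmd, notes = build_logging_server_cmd(1, ip_addr="192.0.2.10", facility="local4",
                                          severity=8, descr="QRadar", port=514,
                                          state="enable")
    print(cmd)
    for note in notes:
        print("warning:", note)
```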
To configure QRadar to receive events from an Extreme stackable and stand-alone switch device:
From the Log Source Type list, select one of the following options:
- Extreme stackable and stand-alone switches
- Extreme A-Series
- Extreme B2-Series
- Extreme B3-Series
- Extreme C2-Series
- Extreme C3-Series
- Extreme D-Series
- Extreme G-Series
- Extreme I-Series
For more information about your Extreme stackable and stand-alone switches, see your vendor
documentation.