The Juniper EX Series Ethernet Switch DSM for IBM QRadar accepts events by using syslog.
About this task
The Juniper EX Series Ethernet Switch DSM supports Juniper EX Series Ethernet Switches running
Junos OS. Before you can integrate QRadar with a Juniper EX Series
Ethernet Switch, you must configure your Juniper EX Series Switch to forward syslog events.
Procedure
- Log in to the Juniper EX Series Ethernet Switch command line interface (CLI).
- Type the following command:
- Type the following command:
  set system syslog host <IP address> <option> <level>
  Where:
  - <IP address> is the IP address of your QRadar.
  - <level> is info, error, warning, or any.
  - <option> is one of the following options from Table 1.
Table 1. Juniper Networks EX Series switch options

| Option | Description |
|---|---|
| any | All facilities |
| authorization | Authorization system |
| change-log | Configuration change log |
| conflict-log | Configuration conflict log |
| daemon | Various system processes |
| dfc | Dynamic flow capture |
| explicit-priority | Include priority and facility in messages |
| external | Local external applications |
| facility-override | Alternative facility for logging to remote host |
| firewall | Firewall filtering system |
| ftp | FTP process |
| interactive-commands | Commands run by the UI |
| kernel | Kernel |
| log-prefix | Prefix for all logging to this host |
| match | Regular expression for lines to be logged |
| pfe | Packet Forwarding Engine |
| user | User processes |

For example:
set system syslog host <IP_address> firewall info
This command example configures the Juniper EX Series Ethernet Switch to send info messages from
firewall filter systems to your QRadar.
- Repeat steps 1-3 to configure any additional syslog destinations and options. Each
additional option must be identified by using a separate syslog destination
configuration.
- You are now ready to configure the Juniper EX Series Ethernet Switch in QRadar.
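
An added example, not part of the IBM procedure: a Python check that reads a planned list of `set system syslog host` commands and verifies, against Table 1 and the level list above, that the facilities you expect are forwarded to the QRadar address. The addresses, the sample commands, and the `REQUIRED` facility list are constructed assumptions.

```python
import re

# Facilities and levels exactly as listed on this page (Table 1, <level>).
FACILITIES = {"any", "authorization", "change-log", "conflict-log", "daemon",
              "dfc", "external", "firewall", "ftp", "interactive-commands",
              "kernel", "pfe", "user"}
LEVELS = {"info", "error", "warning", "any"}
# Table 1 entries that tune the destination instead of selecting a facility;
# their argument, if any, is not a severity level, so it is not validated.
HOST_SETTINGS = {"explicit-priority", "facility-override", "log-prefix", "match"}
LINE = re.compile(r"^set system syslog host (\S+) (\S+)(?: (.+))?$")

def audit(commands, qradar_ip, required):
    """Return (forwarded, problems) for the destination qradar_ip."""
    forwarded, problems = {}, []
    for raw in commands.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) != qradar_ip:
            continue  # not a syslog host line, or a different destination
        option, arg = m.group(2), m.group(3)
        if option in HOST_SETTINGS:
            continue
        if option not in FACILITIES:
            problems.append(f"{option}: not an option in Table 1")
        elif arg not in LEVELS:
            problems.append(f"{option}: level {arg!r} is not one of {sorted(LEVELS)}")
        else:
            forwarded[option] = arg
    if "any" not in forwarded:  # facility "any" already covers every facility
        for fac in sorted(set(required) - set(forwarded)):
            problems.append(f"{fac}: not forwarded to {qradar_ip}")
    return forwarded, problems

# Constructed sample of planned commands; addresses are documentation ranges.
SAMPLE = """\
set system syslog host 192.0.2.10 firewall info
set system syslog host 192.0.2.10 authorization info
set system syslog host 192.0.2.10 interactive-commands informational
set system syslog host 192.0.2.10 explicit-priority
set system syslog host 198.51.100.7 any any
"""
# Assumed local policy, not from the page: facilities the SOC wants in QRadar.
REQUIRED = ["authorization", "change-log", "firewall", "interactive-commands"]

if __name__ == "__main__":
    forwarded, problems = audit(SAMPLE, "192.0.2.10", REQUIRED)
    print("forwarded:", forwarded)
    for p in problems:
        print("PROBLEM:", p)
```

On the sample, the check reports the mistyped level on `interactive-commands` and the missing `change-log` line, which are the gaps that would otherwise surface only as absent events in QRadar.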