Nortel Ethernet Routing Switch 8300/8600

The IBM QRadar Nortel Ethernet Routing Switch (ERS) 8300/8600 DSM records all relevant events by using syslog.

About this task

Before you configure a Nortel ERS 8600 device in QRadar, you must configure your device to send syslog events to QRadar.

To configure the device to send syslog events to QRadar:

Procedure

  1. Log in to the Nortel ERS 8300/8600 command-line interface (CLI).
  2. Type the following command:

    config sys syslog host <ID>

    Where <ID> is the ID of the host you wish to configure to send syslog events to QRadar.

    For the syslog host ID, the valid range is 1 - 10.

  3. Type the IP address of your QRadar system:

    address <IP address>

    Where <IP address> is the IP address of your QRadar system.

  4. Type the facility for accessing the syslog host.

    host <ID> facility local0

    Where <ID> is the syslog host ID that you specified in step 2.

  5. Enable the host:

    host enable

  6. Type the severity level for which syslog messages are sent:

    host <ID> severity info

    Where <ID> is the syslog host ID that you specified in step 2.

  7. Enable the ability to send syslog messages:

    state enable

  8. Verify the syslog configuration for the host:

    syslog host <ID> info

    For example, the output might resemble the following:

    ERS-8606:5/config/sys/syslog/host/1# info
    Sub-Context:
    Current Context:
    address : 192.0.2.1
    create : 1
    delete : N/A
    facility : local6
    host : enable
    mapinfo : info
    mapwarning : warning
    maperror : error
    mapfatal : emergency
    severity : info|warning|error|fatal
    udp-port : 514
    ERS-8606:5/config/sys/syslog/host/1#

    You can now configure the log source in QRadar.

  9. To configure QRadar to receive events from a Nortel ERS 8300/8600 device, select the Nortel Ethernet Routing Switch 8300/8600 option from the Log Source Type list.
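
The verification in step 8 can be scripted when many switches forward to the same QRadar system. The following Python sketch is an added example, not IBM or Nortel code: it parses a saved copy of the `info` output and reports every field that differs from what the procedure configures. The names `parse_info` and `check_syslog_host` are hypothetical, the sample input is the example output from step 8, and UDP port 514 is assumed to be the port on which QRadar listens.

```python
import ipaddress
import re

# Sample input: the step 8 example output from this page, one field per line.
SAMPLE_INFO = """\
ERS-8606:5/config/sys/syslog/host/1# info
Sub-Context:
Current Context:
address : 192.0.2.1
create : 1
delete : N/A
facility : local6
host : enable
mapinfo : info
mapwarning : warning
maperror : error
mapfatal : emergency
severity : info|warning|error|fatal
udp-port : 514
ERS-8606:5/config/sys/syslog/host/1#
"""

FIELD = re.compile(r"^\s*([\w-]+)\s*:\s*(\S.*?)\s*$")

def parse_info(text):
    """Return the 'key : value' fields of a syslog host `info` dump."""
    fields = {}
    for line in text.splitlines():
        m = None if "#" in line else FIELD.match(line)  # '#' marks a CLI prompt
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def check_syslog_host(text, qradar_ip, facility="local0", port=514):
    """Return findings; an empty list means the host matches the procedure."""
    f, findings = parse_info(text), []
    expected = str(ipaddress.ip_address(qradar_ip))  # validates the expected IP
    if f.get("address") != expected:
        findings.append(f"address is {f.get('address')}, expected {expected} (step 3)")
    if f.get("host") != "enable":
        findings.append("host is not enabled (step 5)")
    if f.get("facility") != facility:
        findings.append(f"facility is {f.get('facility')}, expected {facility} (step 4)")
    if "info" not in f.get("severity", "").split("|"):
        findings.append("severity does not include info (step 6)")
    if f.get("udp-port") != str(port):  # assumption: QRadar listens on UDP 514
        findings.append(f"udp-port is {f.get('udp-port')}, expected {port}")
    return findings
```

Run against the sample, `check_syslog_host(SAMPLE_INFO, "192.0.2.1")` returns one finding, because the example output shows facility local6 while step 4 sets local0. Pass `facility="local6"` if that is the value you configured.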