Nortel Multiprotocol Router

The Nortel Multiprotocol Router DSM for IBM QRadar records all relevant Nortel Multiprotocol Router events by using syslog.

About this task

Before you configure QRadar to integrate with a Nortel Multiprotocol Router device, you must:

Procedure

  1. Log in to your Nortel Multiprotocol Router device.
  2. At the prompt, type the following command:

    bcc

    The Bay Command Console prompt is displayed.

    Welcome to the Bay Command Console!

    * To enter configuration mode, type config

    * To list all system commands, type ?

    * To exit the BCC, type exit

    bcc>

  3. Type the following command to access configuration mode:

    config

  4. Type the following command to access syslog configuration:

    syslog

  5. Type the following command:

    log-host address <IP address>

    Where <IP address> is the IP address of your QRadar.

  6. View current default settings for your QRadar:

    info

    For example:

    log-host/<IP_address># info
    address <IP_address>
    log-facility local0
    state enabled

  7. If the output of the command entered in Nortel Multiprotocol Router indicates that the state is not enabled, type the following command to enable forwarding for the syslog host:

    state enable

  8. Configure the log facility parameter:

    log-facility local0

  9. Create a filter for the hardware slots to enable them to forward the syslog events. Type the following command to create a filter with the name WILDCARD:

    filter name WILDCARD entity all

  10. Configure the slot-upper-bound parameter:

    slot-upper-bound <number of slots>

    Where <number of slots> is the number of slots available on your device. The correct value depends on your version of the Nortel Multiprotocol Router device, which determines the maximum number of slots available on the device.

  11. Configure the level of syslog messages that you want to send to QRadar:

    severity-mask all

  12. View the current settings for this filter:

    info

    For example:

    filter/<IP_address>/WILDCARD# info
    debug-map debug
    entity all
    event-lower-bound 0
    event-upper-bound 255
    fault-map critical
    info-map info
    name WILDCARD
    severity-mask {fault warning info trace debug}
    slot-lower-bound 0
    slot-upper-bound 1
    state enabled
    trace-map debug
    warning-map warning

  13. View the currently configured settings for the syslog filters:

    show syslog filters

    When the syslog and filter parameters are correctly configured, the Operational State indicates up.

    For example:

    syslog# show syslog filters

    show syslog filters Sep 15, 2008 18:21:25 [GMT+8]

    Table 1. Syslog filters

    Host IP address  Filter Name  Entity Name  Entity Code  Configured State  Operational State
    <IP_address1>    WILDCARD     all          255          enabled           up
    <IP_address2>    WILDCARD     all          255          enabled           up

  14. View the currently configured syslog host information:

    show syslog log-host

    The host log displays the number of packets that are going to the various syslog hosts.

    For example:

    syslog# show syslog log-host

    show syslog log-host Sep 15, 2008 18:21:32 [GMT+8]

    Table 2. Syslog host log

    Host IP address  Configured State  Operational State  Time Sequencing  UDP Port  Facility Code  #Messages Sent
    <IP_address1>    enabled           up                 disabled         514       local0         1402
    <IP_address2>    enabled           up                 disabled         514       local0         131

  15. Exit the command line interface:
    1. Exit the current command line to return to the bcc command line:

      exit

  16. Exit the bcc command line:

    exit

  17. Exit the command-line session:

    logout

  18. You can now configure the log source in QRadar.

    To configure QRadar to receive events from a Nortel Multiprotocol Router device:

    1. From the Log Source Type list, select the Nortel Multiprotocol Router option.
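
A collector-side check for the configuration above, as an added example that is not part of the original page or of any IBM or Nortel tooling: it derives the syslog PRI values the router should emit from the `log-facility` setting and the `*-map` lines of the filter `info` output, then classifies received datagrams against them. It assumes the router's map values correspond to the standard syslog severities; the function names and sample payloads are constructed for illustration.

```python
import re

# Relevant lines of the filter `info` example in step 12 of this page.
FILTER_INFO = """\
debug-map debug
fault-map critical
info-map info
severity-mask {fault warning info trace debug}
trace-map debug
warning-map warning
"""
LOG_FACILITY = "local0"  # value set in step 8

# Standard syslog codes (RFC 3164/5424). Assumption: the router's map values
# ("critical", "warning", "info", "debug") mean the standard severities.
FACILITIES = {f"local{i}": 16 + i for i in range(8)}
SEVERITIES = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_info(text):
    """Turn BCC `info` output (one 'key value' pair per line) into a dict."""
    pairs = (line.strip().partition(" ") for line in text.splitlines())
    return {key: value.strip() for key, _, value in pairs if key}

def expected_pris(info, facility=LOG_FACILITY):
    """Map each event class in severity-mask to the PRI it should arrive with."""
    base = FACILITIES[facility] * 8  # PRI = facility * 8 + severity
    classes = info["severity-mask"].strip("{}").split()
    return {c: base + SEVERITIES[info[f"{c}-map"]] for c in classes}

def check_datagram(data, info, facility=LOG_FACILITY):
    """Classify one received UDP payload against the configured facility and maps."""
    m = PRI_RE.match(data)
    if not m or int(m.group(1)) > 191:  # 191 is the highest valid PRI
        return "no-pri"
    pri = int(m.group(1))
    if pri >> 3 != FACILITIES[facility]:
        return "wrong-facility"
    if pri not in expected_pris(info, facility).values():
        return "unmapped-severity"
    return "ok"

if __name__ == "__main__":
    info = parse_info(FILTER_INFO)
    print(expected_pris(info))
    # Constructed payloads, not captured Nortel output.
    for sample in (b"<134>constructed info event", b"<30>constructed daemon event"):
        print(sample, check_datagram(sample, info))
```

A "wrong-facility" result on traffic from the router's address points at a `log-facility` value other than the one configured in step 8.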