The Juniper EX Series Ethernet Switch DSM for IBM® QRadar® accepts events by using syslog.
About this task
The Juniper EX Series Ethernet Switch DSM supports Juniper EX Series Ethernet Switches running
Junos OS. Before you can integrate QRadar with a Juniper EX Series
Ethernet Switch, you must configure your Juniper EX Series Switch to forward syslog events.
Procedure
- Log in to the Juniper EX Series Ethernet Switch command line interface
(CLI).
- Type the following command:
set system syslog host <IP address> <option> <level>
Where:
  - <IP address> is the IP address of your QRadar.
  - <level> is info, error, warning, or any.
  - <option> is one of the following options from Table 1.
Table 1. Juniper Networks EX Series switch options
| Option | Description |
|---|---|
| any | All facilities |
| authorization | Authorization system |
| change-log | Configuration change log |
| conflict-log | Configuration conflict log |
| daemon | Various system processes |
| dfc | Dynamic flow capture |
| explicit-priority | Include priority and facility in messages |
| external | Local external applications |
| facility-override | Alternative facility for logging to remote host |
| firewall | Firewall filtering system |
| ftp | FTP process |
| interactive-commands | Commands run by the UI |
| kernel | Kernel |
| log-prefix | Prefix for all logging to this host |
| match | Regular expression for lines to be logged |
| pfe | Packet Forwarding Engine |
| user | User processes |
For example:
set system syslog host <IP_address> firewall info
This command example configures the Juniper EX Series Ethernet Switch to send info messages from
firewall filter systems to your QRadar.
- Repeat steps 1-3 to configure any additional syslog destinations and options. Each
additional option must be identified by using a separate syslog destination
configuration.
- You are now ready to configure the Juniper EX Series Ethernet Switch in QRadar.
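After completing the procedure, you can check that the switch forwards every facility you expect to QRadar. The following is an added example, not IBM or Juniper code: it audits `set system syslog host` statements against the options and levels listed on this page. The function name `audit`, the sample addresses, and the sample configuration lines are constructed for illustration.

```python
# Added example: audit "set system syslog host" statements for one collector.
# Facility options from Table 1 (each takes a <level>).
FACILITIES = {"any", "authorization", "change-log", "conflict-log", "daemon",
              "dfc", "external", "firewall", "ftp", "interactive-commands",
              "kernel", "pfe", "user"}
# Table 1 options that modify the destination instead of selecting a facility.
MODIFIERS = {"explicit-priority", "facility-override", "log-prefix", "match"}
# Levels named on this page, least to most restrictive. A statement forwards
# messages at its level and above, so a lower rank forwards more.
RANK = {"any": 0, "info": 1, "warning": 2, "error": 3}

def audit(config_text, collector_ip, required):
    """Return (forwarded, gaps, problems); required maps facility -> lowest level needed."""
    forwarded, problems = {}, []
    for raw in config_text.splitlines():
        tokens = raw.split()
        if len(tokens) < 6 or tokens[:4] != ["set", "system", "syslog", "host"]:
            continue  # not a remote-host syslog statement
        host, option, rest = tokens[4], tokens[5], tokens[6:]
        if host != collector_ip or option in MODIFIERS:
            continue
        if option not in FACILITIES or len(rest) != 1 or rest[0] not in RANK:
            problems.append(raw.strip())  # option or level not listed on this page
            continue
        forwarded[option] = rest[0]
    gaps = []
    for facility, level in sorted(required.items()):
        # Covered by its own statement or by the "any" (all facilities) statement.
        seen = [forwarded[f] for f in (facility, "any") if f in forwarded]
        if not any(RANK[s] <= RANK[level] for s in seen):
            gaps.append(facility)
    return forwarded, gaps, problems

# Constructed sample input; 192.0.2.10 stands in for the QRadar address.
SAMPLE = """\
set system syslog host 192.0.2.10 firewall info
set system syslog host 192.0.2.10 authorization error
set system syslog host 192.0.2.10 interactive-commands any
set system syslog host 192.0.2.10 explicit-priority
set system syslog host 192.0.2.10 kernel verbose
set system syslog host 198.51.100.7 change-log info
"""
REQUIRED = {"firewall": "info", "authorization": "info",
            "change-log": "info", "interactive-commands": "info"}

if __name__ == "__main__":
    forwarded, gaps, problems = audit(SAMPLE, "192.0.2.10", REQUIRED)
    print("forwarded:", forwarded, "gaps:", gaps, "problems:", problems)
```

In the sample, `authorization` is reported as a gap because it is forwarded only at `error`, and `change-log` because it is sent to a different host.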