The Extreme Matrix Series DSM for IBM QRadar accepts events by using syslog. QRadar records all relevant Matrix K-Series, N-Series, or S-Series standalone device events.
About this task
Before you configure QRadar to integrate with a Matrix K-Series, N-Series, or S-Series, take the following steps:
Procedure
- Log in to your Extreme Matrix device command-line interface (CLI).
- Type the following commands:
  - set logging server 1 ip-addr <IP Address of Event Processor> state enable
  - set logging application RtrAcl level 8
  - set logging application CLI level 8
  - set logging application SNMP level 8
  - set logging application Webview level 8
  - set logging application System level 8
  - set logging application RtrFe level 8
  - set logging application Trace level 8
  - set logging application RtrLSNat level 8
  - set logging application FlowLimt level 8
  - set logging application UPN level 8
  - set logging application AAA level 8
  - set logging application Router level 8
  - set logging application AddrNtfy level 8
  - set logging application OSPF level 8
  - set logging application VRRP level 8
  - set logging application RtrArpProc level 8
  - set logging application LACP level 8
  - set logging application RtrNat level 8
  - set logging application RtrTwcb level 8
  - set logging application HostDoS level 8
  - set policy syslog extended-format enable
  For more information on configuring the Matrix Series routers or switches, consult your vendor documentation.
- You are now ready to configure the log sources in QRadar.
To configure QRadar to receive events from an Extreme Matrix Series device, select Extreme Matrix K/N/S Series Switch from the Log Source Type list.
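The following is an added example, not part of the IBM or Extreme documentation: a Python check that a saved command script (for example, the text attached to a change record) contains every logging command from the procedure, so that an omitted application such as AAA does not leave a silent gap in what QRadar receives. It assumes the input is a plain-text list of `set` commands in the form shown in the procedure; the function name `audit`, the sample script, and the address 192.0.2.10 are constructed for illustration.

```python
import re

# Application names and level 8 are taken from the procedure above.
REQUIRED_APPS = ("RtrAcl CLI SNMP Webview System RtrFe Trace RtrLSNat FlowLimt UPN "
                 "AAA Router AddrNtfy OSPF VRRP RtrArpProc LACP RtrNat RtrTwcb HostDoS").split()
REQUIRED_LEVEL = 8

SERVER_RE = re.compile(r"set logging server \d+ ip-addr (\S+) state (\S+)$")
APP_RE = re.compile(r"set logging application (\S+) level (\d+)$")
POLICY_RE = re.compile(r"set policy syslog extended-format (\S+)$")


def audit(script_text, collector_ip):
    """Return a list of findings; an empty list means the script matches the procedure."""
    servers, levels, extended = {}, {}, None
    for raw in script_text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace; a later command overrides an earlier one
        if m := SERVER_RE.match(line):
            servers[m.group(1)] = m.group(2)
        elif m := APP_RE.match(line):
            levels[m.group(1)] = int(m.group(2))
        elif m := POLICY_RE.match(line):
            extended = m.group(1)
    findings = []
    if servers.get(collector_ip) != "enable":
        findings.append(f"logging server {collector_ip} not enabled")
    for app in REQUIRED_APPS:
        if app not in levels:
            findings.append(f"{app}: no logging level set")
        elif levels[app] != REQUIRED_LEVEL:
            findings.append(f"{app}: level {levels[app]}, expected {REQUIRED_LEVEL}")
    if extended != "enable":
        findings.append("policy syslog extended-format not enabled")
    return findings


# Constructed sample: AAA omitted, HostDoS at a lower level, extended-format line missing.
# 192.0.2.10 is a documentation address standing in for the Event Processor.
SAMPLE = "set logging server 1 ip-addr 192.0.2.10 state enable\n" + "\n".join(
    f"set logging application {app} level {6 if app == 'HostDoS' else 8}"
    for app in REQUIRED_APPS if app != "AAA")

if __name__ == "__main__":
    for finding in audit(SAMPLE, "192.0.2.10"):
        print(finding)
```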