Extreme Matrix K/N/S Series Switch

The Extreme Matrix Series DSM for IBM QRadar accepts events by using syslog. QRadar records all relevant Matrix K-Series, N-Series, or S-Series standalone device events.

About this task

Before you configure QRadar to integrate with a Matrix K-Series, N-Series, or S-Series device, complete the following steps on the device:

Procedure

  1. Log in to your Extreme Matrix device command-line interface (CLI).
  2. Type the following commands:
    1. set logging server 1 ip-addr <IP Address of Event Processor> state enable

    2. set logging application RtrAcl level 8

    3. set logging application CLI level 8

    4. set logging application SNMP level 8

    5. set logging application Webview level 8

    6. set logging application System level 8

    7. set logging application RtrFe level 8

    8. set logging application Trace level 8

    9. set logging application RtrLSNat level 8

    10. set logging application FlowLimt level 8

    11. set logging application UPN level 8

    12. set logging application AAA level 8

    13. set logging application Router level 8

    14. set logging application AddrNtfy level 8

    15. set logging application OSPF level 8

    16. set logging application VRRP level 8

    17. set logging application RtrArpProc level 8

    18. set logging application LACP level 8

    19. set logging application RtrNat level 8

    20. set logging application RtrTwcb level 8

    21. set logging application HostDoS level 8

    22. set policy syslog extended-format enable

    For more information on configuring the Matrix Series routers or switches, consult your vendor documentation.

  3. You are now ready to configure the log sources in QRadar.

    To configure QRadar to receive events from an Extreme Matrix Series device, select Extreme Matrix K/N/S Series Switch from the Log Source Type list.
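
To confirm that a device carries every setting from step 2 before you rely on its events, the following added example (not IBM or Extreme code) audits a saved configuration and reports what is missing. It assumes the saved configuration lists the same set command lines as they are typed above; the function name audit, the sample text, and the address 192.0.2.10 are constructed for illustration.

```python
import re

# Applications that step 2 of the procedure sets to level 8.
REQUIRED_APPS = [
    "RtrAcl", "CLI", "SNMP", "Webview", "System", "RtrFe", "Trace",
    "RtrLSNat", "FlowLimt", "UPN", "AAA", "Router", "AddrNtfy", "OSPF",
    "VRRP", "RtrArpProc", "LACP", "RtrNat", "RtrTwcb", "HostDoS",
]
APP_RE = re.compile(r"set logging application (\S+) level (\d+)")
SERVER_RE = re.compile(r"set logging server \d+ ip-addr (\S+) state (\S+)")
EXTENDED = "set policy syslog extended-format enable"


def audit(config_text, event_processor_ip):
    """Return findings; an empty list means every setting from step 2 is present."""
    levels, servers, extended = {}, {}, False
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # collapse indentation and repeated spaces
        if m := APP_RE.fullmatch(line):
            levels[m.group(1)] = int(m.group(2))  # a later line overrides an earlier one
        elif m := SERVER_RE.fullmatch(line):
            servers[m.group(1)] = m.group(2)
        elif line == EXTENDED:
            extended = True
    findings = []
    if servers.get(event_processor_ip) != "enable":
        findings.append(f"logging server {event_processor_ip}: missing or not enabled")
    for app in REQUIRED_APPS:
        if app not in levels:
            findings.append(f"{app}: no level set")
        elif levels[app] != 8:
            findings.append(f"{app}: level {levels[app]}, expected 8")
    if not extended:
        findings.append("policy syslog extended-format: not enabled")
    return findings


# Constructed sample: AAA omitted, HostDoS at level 6, extended format never enabled.
SAMPLE = "\n".join(
    ["set logging server 1 ip-addr 192.0.2.10 state enable"]
    + [f"set logging application {a} level {6 if a == 'HostDoS' else 8}"
       for a in REQUIRED_APPS if a != "AAA"]
)

if __name__ == "__main__":
    for finding in audit(SAMPLE, "192.0.2.10"):
        print(finding)
```

A missing or lowered application level means that event category never reaches the Event Processor, so an empty result is the state to aim for before you create the log source.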