Integrating Devices

Steelhead Riverbed

Configure Steelhead Riverbed to forward logs to EventTracker

  1. Log on to the Steelhead Management Console.
  2. To configure logging, choose Configure > System Settings > Logging to display the Logging page.
  3. In Logging Configuration, configure settings as required.
  4. From the Minimum Severity drop-down menu, select the required severity level.
  5. In the Maximum Number of Log Files field, enter the maximum number of log files to be created at any one time.
  6. In the Lines Per Log Page field, enter the maximum number of lines that can be in a log file.
  7. Select the log rotation setting as required, depending on disk space and time.
  8. In Remote Log Servers, click Add a New Log Server.
  9. Enter the remote syslog server's IP address in Remote Log Server.
  10. In Minimum Severity, select the required severity level for exported logs.
  11. Click Apply to apply your changes to the running configuration.
  12. Click Save to save your settings permanently.
 

Alcatel-Lucent Switch

Configure Alcatel-Lucent Switch to forward logs to EventTracker

Enter the following commands to enable syslog and forward logs to the remote server.

  1. Log on to the console as Admin.
  2. Enable syslog.
    -> swlog
  3. Set the syslog severity for applications, if required.
    -> swlog appid system level warning
  4. Enter the remote syslog server's IP address.
    -> swlog output socket ipaddr 168.23.9.100
  5. Save the switch configuration.
    -> write memory
 

Bit9

Configure Bit9 to forward logs to EventTracker

  1. Log on to the Bit9 Management Console.
  2. Navigate to the System Configuration page in the user interface.
  3. Select Server Status from the Configuration Options list.
  4. Click the Edit button at the bottom to make changes.
  5. Make sure that the Syslog enabled check box is checked.
  6. Enter the IP address of the remote syslog server in the Syslog address field.
  7. Set the Syslog port to 514.
  8. Set Syslog format to Basic (RFC 3164) for standard syslog formatted logs.
  9. Click Update to save changes and exit.
 

Dell PowerConnect 6200 Switch

Configure Dell PowerConnect 6200 Switch to forward logs to EventTracker

  1. Log on to the console as admin.
  2. Enter configuration mode.
    console#configure
  3. Enable syslog.
    console(config)#logging on
  4. Enter the IP address of the remote syslog server.
    console(config)#logging 192.168.10.65
  5. Select 514 as the logging port.
    console(Config-logging)#port 514
  6. Select the required severity level.
    console(Config-logging)#level critical
    The following severity levels can be assigned:

      Threat Severity Level
      Alert        Immediate action needed
      Critical     Critical conditions
      Debug        Debugging messages
      Emergency    System is unusable
      Error        Error conditions
      Info         Informational messages
      Notice       Normal but significant conditions
      Warning      Warning conditions

  7. Exit configuration mode.
    console(config)# exit
  8. Save the configuration.
    console# copy running-config startup-config
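
To check that a device configured as above is sending what the collector expects, the following added example (not from the original page or from EventTracker) parses RFC 3164 datagrams, the format selected in the Bit9 steps, and flags messages that are less severe than a chosen minimum, using the level names from the Dell PowerConnect list. The sample datagrams, host names and function names are constructed for illustration.

```python
import re

# Severity names from the Dell PowerConnect list, indexed by their
# RFC 3164 numeric value (0 = most severe, 7 = least severe).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Info", "Debug"]

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$", re.S)

def parse(datagram: bytes) -> dict:
    """Decode one RFC 3164 datagram; raise ValueError if malformed."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = RFC3164.match(text)
    if not m or int(m["pri"]) > 191:   # PRI = facility * 8 + severity
        raise ValueError("not an RFC 3164 message")
    pri = int(m["pri"])
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7],
            "timestamp": m["ts"], "host": m["host"], "msg": m["msg"]}

def violations(datagrams, minimum: str) -> list:
    """Return messages less severe than `minimum`, plus unparseable ones.
    Either kind suggests the sender's syslog settings need review."""
    limit = SEVERITIES.index(minimum)
    bad = []
    for d in datagrams:
        try:
            rec = parse(d)
        except ValueError:
            bad.append({"severity": None, "raw": d})
            continue
        if SEVERITIES.index(rec["severity"]) > limit:
            bad.append(rec)
    return bad

# Constructed sample datagrams (not captured from real devices).
SAMPLES = [
    b"<34>Oct 11 22:14:15 switch1 swlog: link down on port 1/3",  # Critical
    b"<14>Oct 11 22:14:16 bit9srv Bit9: file approved",           # Info
    b"<165>1 2003-10-11T22:14:15Z host app - - - not RFC 3164",   # wrong format
]

if __name__ == "__main__":
    for v in violations(SAMPLES, "Warning"):
        print(v)
```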