Sheriff CSM™

Avaya Media Gateway

When you configure Avaya Media Gateway to send log data to Sheriff CSM, you can use the Avaya Media Gateway plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device              Details
Vendor              Avaya
Device Type         Application Firewall
Connection Type     Syslog
Data Source Name    avaya-gateway
Data Source ID      1881

Integrating Avaya Media Gateway

Before you configure the Avaya Media Gateway integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure Avaya Media Gateway to send Syslog messages to Sheriff CSM

You can define up to three Syslog servers. To define a Syslog server, follow these steps:
  1. Run the set logging server command followed by the IP address of your Sheriff CSM.

    set logging server <Sheriff CSM IP Address>
  2. Enable the Syslog server by running the set logging server enable command followed by the IP address of your Sheriff CSM. When you define a new Syslog server, it is initially disabled, so you must use this command to enable the server.

    set logging server enable <Sheriff CSM IP Address>
  3. Optionally, define an output facility for the Sheriff CSM by running the set logging server facility command, followed by the name of the output facility and the IP address of the Sheriff CSM. If you do not define an output facility, the default facility, local7, is used.

    set logging server facility auth <Sheriff CSM IP Address>
  4. Optionally, limit access to the Sheriff CSM output by running the set logging server access-level command, followed by an access level (read-only, read-write, or admin) and the IP address of Sheriff CSM. If you do not define an access level, the default level, read-write, is used. Only messages with the appropriate access level are sent to the Syslog output.

    set logging server access-level read-only <Sheriff CSM IP Address>
  5. Optionally, define filters to limit the types of messages received.

Disabling syslog servers

To disable an existing Syslog server, run the following command:

    set logging server disable <Sheriff CSM IP Address>

Deleting syslog servers

You can delete a Syslog server from the Syslog server table by running the following command:

    clear logging server <Sheriff CSM IP Address>

Displaying the status of the syslog server

To view the status of an existing Syslog server, run the show logging server condition command followed by the IP address of your Sheriff CSM. If you do not specify an IP address, the command displays the status of all defined Syslog servers.

    show logging server condition <Sheriff CSM IP Address>
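
To confirm on the sensor side that the facility chosen in step 3 is the one actually arriving, the following added example (not part of the original page or of Sheriff CSM) decodes the syslog PRI header of received datagrams and checks both the sender and the facility. The gateway address, the function names and the sample datagrams are assumptions constructed for illustration; they are not real Avaya output.

```python
import re

# Conventional syslog facility/severity names indexed by numeric code
# (PRI = facility * 8 + severity, RFC 5424 section 6.2.1).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"] \
             + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram):
    """Return (facility, severity) from the leading <PRI>, or None if absent/invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the highest valid PRI
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def audit(datagrams, gateway_ip, expected_facility):
    """Classify (source_ip, payload) pairs received on the sensor's syslog port."""
    report = {"ok": 0, "wrong_facility": [], "unexpected_source": [], "malformed": 0}
    for src, payload in datagrams:
        if src != gateway_ip:
            report["unexpected_source"].append(src)  # not the configured gateway
            continue
        decoded = decode_pri(payload)
        if decoded is None:
            report["malformed"] += 1
        elif decoded[0] != expected_facility:
            report["wrong_facility"].append(decoded)
        else:
            report["ok"] += 1
    return report


# Constructed sample datagrams; 192.0.2.0/24 is a documentation address range.
SAMPLES = [
    ("192.0.2.10", b"<38>constructed message A"),   # auth.info: facility override applied
    ("192.0.2.10", b"<190>constructed message B"),  # local7.info: still the default facility
    ("192.0.2.99", b"<38>constructed message C"),   # sender that is not the gateway
    ("192.0.2.10", b"constructed message without PRI"),
]

if __name__ == "__main__":
    print(audit(SAMPLES, gateway_ip="192.0.2.10", expected_facility="auth"))
```

A non-empty wrong_facility list with local7 entries indicates the gateway is still using the default facility rather than the one set in step 3.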

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://downloads.avaya.com/css/P8/documents/100059399

For troubleshooting, see the vendor documentation.
Topic revision: r15 - 28 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.