When you configure Avaya Media Gateway to send log data to USM Appliance, you can use the Avaya Media Gateway plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:
| Device Type | Application Firewall |
| Data Source Name | avaya-gateway |
| Data Source ID | 1881 |
Integrating Avaya Media Gateway
Before you configure the Avaya Media Gateway integration, you must have the IP Address of the USM Appliance Sensor.
To configure Avaya Media Gateway to send Syslog messages to USM Appliance
You can define up to three Syslog servers. To define a Syslog server, do the following:
1. Run the set logging server command followed by the IP address of your USM Appliance.
   set logging server <USM Appliance IP Address>
2. Enable the Syslog server by running the set logging server enable command followed by the IP address of your USM Appliance. When you define a new Syslog server, it is initially disabled, so you must use this command to enable the server.
   set logging server enable <USM Appliance IP Address>
3. Optionally, define an output facility for the USM Appliance by running the set logging server facility command, followed by the name of the output facility and the IP address of the USM Appliance. If you do not define an output facility, the default facility, local7, is used.
   set logging server facility auth <USM Appliance IP Address>
4. Optionally, limit access to the USM Appliance output by running the set logging server access-level command, followed by an access level (read-only, read-write, or admin) and the IP address of USM Appliance. If you do not define an access level, the default level, read-write, is used. Only messages with the appropriate access level are sent to the Syslog output.
   set logging server access-level read-only <USM Appliance IP Address>
5. Optionally, define filters to limit the types of messages received.
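To confirm on the receiving side that messages arrive with the facility set in the steps above (local7 by default, auth in the sample command), decode the leading syslog PRI value, where PRI = facility * 8 + severity. This is an added example, not part of the original documentation or the plugin; the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Facility and severity names indexed by numeric code (RFC 5424, section 6.2.1).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility, severity) from the leading <PRI>, or None if absent or invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def unexpected_facility(lines, expected="local7"):
    """Return lines whose facility differs from `expected` or whose PRI cannot be decoded."""
    flagged = []
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None or decoded[0] != expected:
            flagged.append(line)
    return flagged


# Constructed sample datagrams; the text after the PRI is a placeholder,
# not real Avaya Media Gateway output.
SAMPLE = [
    "<189>constructed message, default facility local7, severity notice",
    "<38>constructed message, facility auth, severity info",
    "constructed message with no PRI header",
    "<999>constructed message with out-of-range PRI",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(decode_pri(line), "|", line)
    print("not auth:", unexpected_facility(SAMPLE, expected="auth"))
```
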
Disabling syslog servers
To disable an existing Syslog server, run the following command:
set logging server disable <USM Appliance IP Address>
Deleting syslog servers
You can delete a Syslog server from the Syslog server table by running the following command:
clear logging server <USM Appliance IP Address>
Displaying the status of the syslog server
To view the status of an existing Syslog server, run the show logging server condition command followed by the IP address of your USM Appliance. If you do not specify an IP address, the command displays the status of all defined Syslog servers.
show logging server condition <USM Appliance IP Address>
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
For troubleshooting, see the vendor documentation.