Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Oracle Acme Packet Session Border Controller

 

You can use JSA to collect events from Oracle Acme Packet Session Border Controller (SBC) installations in your network.

The Oracle Acme Packet SBC installations generate events from syslog and SNMP traps. SNMP trap events are converted to syslog and all events are forwarded to JSA over syslog. JSA does not automatically discover syslog events that are forwarded from Oracle Communications SBC. JSA supports syslog events from Oracle Acme Packet SBC V6.2 and later.

To collect Oracle Acme Packet SBC events, you must complete the following tasks:

  1. On your JSA system, configure a log source with the Oracle Acme Packet Session Border Controller DSM.

  2. On your Oracle Acme Packet SBC installation, enable SNMP and configure the destination IP address for syslog events.

  3. On your Oracle Acme Packet SBC installation, enable syslog settings on the media-manager object.

  4. Restart your Oracle Acme Packet SBC installation.

  5. Optional. Ensure that firewall rules do not block syslog communication between your Oracle Acme Packet SBC installation and the JSA console or managed host that collects syslog events.

Supported Oracle Acme Packet Event Types That Are Logged by JSA

The Oracle Acme Packet SBC DSM for JSA can collect syslog events from the authorization and the system monitor event categories.

Each event category can contain low-level events that describe the action that is taken within the event category. For example, authorization events can have low-level categories of login success or login failed.

Configuring an Oracle Acme Packet SBC Log Source

To collect syslog events from Oracle Acme Packet SBC, you must configure a log source in JSA. Oracle Acme Packet SBC syslog events do not automatically discover in JSA.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. In the navigation menu, click Data Sources.
  4. Click the Log Sources icon.
  5. Click Add.
  6. In the Log Source Name field, type a name for your log source.
  7. In the Log Source Description field, type a description for your log source.
  8. From the Log Source Type list, select Oracle Acme Packet SBC.
  9. From the Protocol Configuration list, select Syslog.
  10. Configure the following values:

    Table 1: Syslog Protocol Parameters

    Parameter

    Description

    Log Source Identifier

    Type the IP address or host name as an identifier for events from your Oracle Acme Packet SBC installation.

    The log source identifier must be unique value.

    Enabled

    Select this check box to enable the log source. By default, the check box is selected.

    Credibility

    Select the Credibility of the log source. The range is 0 - 10.

    The credibility indicates the integrity of an event or offense as determined by the credibility rating from the source devices. Credibility increases if multiple sources report the same event. The default is 5.

    Target Event Collector

    Select the Event Collector to use as the target for the log source.

    Coalescing Events

    Select this check box to enable the log source to coalesce (bundle) events.

    By default, automatically discovered log sources inherit the value of the Coalescing Events list from the System Settings in JSA. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source.

    Incoming Event Payload

    From the list, select the incoming payload encoder for parsing and storing the logs.

    Store Event Payload

    Select this check box to enable the log source to store event payload information.

    By default, automatically discovered log sources inherit the value of the Store Event Payload list from the System Settings in JSA. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source.

  11. Click Save.
  12. On the Admin tab, click Deploy Changes.

You can now configure your Oracle Acme Packet SBC installation.

Configuring SNMP to Syslog Conversion on Oracle Acme Packet SBC

To collect events in a format compatible with JSA, you must enable SNMP to syslog conversion and configure a syslog destination.

  1. Use SSH to log in to the command-line interface of your Oracle Acme Packet SBC installation, as an administrator.
  2. Type the following command to start the configuration mode:

    config t

  3. Type the following commands to start the system configuration:

    (configure)# system (system)# (system)# system-config (system-config)# sel

    The sel command is required to select a single-instance of the system configuration object.

  4. Type the following commands to configure your JSA system as a syslog destination:

    (system-config)# syslog-servers (syslog-config)# address <QRadar IP address> (syslog-config)# done

  5. Type the following commands to enable SNMP traps and syslog conversion for SNMP trap notifications:
  6. Type the following commands to return to configuration mode:

    (system-config)# exit (system)# exit (configure)#

Enabling Syslog Settings on the Media Manager Object

The media-manager object configuration enables syslog notifications when the Intrusion Detection System (IDS) completes an action on an IP address. The available action for the event might depend on your firmware version.

  1. Type the following command to list the firmware version for your Oracle Acme Packet SBC installation:

    (configure)# show ver

    ACME Net-Net OSVM Firmware SCZ 6.3.9 MR-2 Patch 2 (Build 465) Build Date=03/12/13

    You may see underlined text which shows the major and minor version number for the firmware.

  2. Type the following commands to configure the media-manager object:

    (configure)# media-manager (media-manager)# (media-manager)# media-manager (media-manager)# sel (media-manager-config)#

    The sel command is used to select a single-instance of the media-manager object.

  3. Type the following command to enable syslog messages when an IP is demoted by the Intrusion Detection System (IDS) to the denied queue.

    (media-manager-config)# syslog-on-demote-to-deny enabled

  4. For firmware version C6.3.0 and later, type the following command to enable syslog message when sessions are rejected.

    (media-manager-config)# syslog-on-call-reject enabled

  5. For firmware version C6.4.0 and later, type the following command to enable syslog messages when an IP is demoted to the untrusted queue

    (media-manager-config)# syslog-on-demote-to-untrusted enabled

  6. Type the following commands to return to configuration mode:

    (media-manager-config)# done (media-manager-config)# exit (media-manager)# exit (configure)# exit

  7. Type the following commands to save and activate the configuration:

    # save Save complete # activate

  8. Type reboot to restart your Oracle Acme Packet SBC installation.

    After the system restarts, events are forwarded to JSA and displayed on the Log Activity tab.