Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Oracle Acme Packet Session Border Controller

 

You can use JSA to collect events from Oracle Acme Packet Session Border Controller (SBC) installations in your network.

The Oracle Acme Packet SBC installations generate events from syslog and SNMP traps. SNMP trap events are converted to syslog and all events are forwarded to JSA over syslog. JSA does not automatically discover syslog events that are forwarded from Oracle Communications SBC. JSA supports syslog events from Oracle Acme Packet SBC V6.2 and later.

To collect Oracle Acme Packet SBC events, you must complete the following tasks:

  1. On your JSA system, configure a log source with the Oracle Acme Packet Session Border Controller DSM.

  2. On your Oracle Acme Packet SBC installation, enable SNMP and configure the destination IP address for syslog events.

  3. On your Oracle Acme Packet SBC installation, enable syslog settings on the media-manager object.

  4. Restart your Oracle Acme Packet SBC installation.

  5. Optional. Ensure that firewall rules do not block syslog communication between your Oracle Acme Packet SBC installation and the JSA console or managed host that collects syslog events.

Supported Oracle Acme Packet Event Types That Are Logged by JSA

The Oracle Acme Packet SBC DSM for JSA can collect syslog events from the authorization and the system monitor event categories.

Each event category can contain low-level events that describe the action that is taken within the event category. For example, authorization events can have low-level categories of login success or login failed.

Syslog Log Source Parameters for Oracle Acme Packet SBC

If JSA does not automatically detect the log source, add a Oracle Acme Packet SBC log source on the JSA Console by using the Syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Syslog events from Oracle Acme Packet SBC:

Table 1: Syslog Log Source Parameters for the Oracle Acme Packet SBC DSM

Parameter

Value

Log Source type

Oracle Acme Packet SBC

Protocol Configuration

Syslog

Log Source Identifier

Type the IP address or host name for the log source as an identifier for events from your Oracle Acme Packet SBC installation.

The log source identifier must be unique value.

Configuring SNMP to Syslog Conversion on Oracle Acme Packet SBC

To collect events in a format compatible with JSA, you must enable SNMP to syslog conversion and configure a syslog destination.

  1. Use SSH to log in to the command-line interface of your Oracle Acme Packet SBC installation, as an administrator.
  2. Type the following command to start the configuration mode:

    config t

  3. Type the following commands to start the system configuration:

    (configure)# system (system)# (system)# system-config (system-config)# sel

    The sel command is required to select a single-instance of the system configuration object.

  4. Type the following commands to configure your JSA system as a syslog destination:

    (system-config)# syslog-servers (syslog-config)# address <QRadar IP address> (syslog-config)# done

  5. Type the following commands to enable SNMP traps and syslog conversion for SNMP trap notifications:
  6. Type the following commands to return to configuration mode:

    (system-config)# exit (system)# exit (configure)#

Enabling Syslog Settings on the Media Manager Object

The media-manager object configuration enables syslog notifications when the Intrusion Detection System (IDS) completes an action on an IP address. The available action for the event might depend on your firmware version.

  1. Type the following command to list the firmware version for your Oracle Acme Packet SBC installation:

    (configure)# show ver

    ACME Net-Net OSVM Firmware SCZ 6.3.9 MR-2 Patch 2 (Build 465) Build Date=03/12/13

    You may see underlined text which shows the major and minor version number for the firmware.

  2. Type the following commands to configure the media-manager object:

    (configure)# media-manager (media-manager)# (media-manager)# media-manager (media-manager)# sel (media-manager-config)#

    The sel command is used to select a single-instance of the media-manager object.

  3. Type the following command to enable syslog messages when an IP is demoted by the Intrusion Detection System (IDS) to the denied queue.

    (media-manager-config)# syslog-on-demote-to-deny enabled

  4. For firmware version C6.3.0 and later, type the following command to enable syslog message when sessions are rejected.

    (media-manager-config)# syslog-on-call-reject enabled

  5. For firmware version C6.4.0 and later, type the following command to enable syslog messages when an IP is demoted to the untrusted queue

    (media-manager-config)# syslog-on-demote-to-untrusted enabled

  6. Type the following commands to return to configuration mode:

    (media-manager-config)# done (media-manager-config)# exit (media-manager)# exit (configure)# exit

  7. Type the following commands to save and activate the configuration:

    # save Save complete # activate

  8. Type reboot to restart your Oracle Acme Packet SBC installation.

    After the system restarts, events are forwarded to JSA and displayed on the Log Activity tab.