Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Extreme HiGuard Wireless IPS

The Extreme HiGuard Wireless IPS DSM for JSA records all relevant events by using syslog

Before you configure the Extreme HiGuard Wireless IPS device in JSA, you must configure your device to forward syslog events.

Configuring Enterasys HiGuard

To configure the device to forward syslog events:

  1. Log in to the HiGuard Wireless IPS user interface.

  2. In the left navigation pane, click Syslog, which allows the management server to send events to designated syslog receivers.

    The Syslog Configuration pane is displayed.

  3. In the System Integration Status section, enable syslog integration.

    Enabling syslog integration allows the management server to send messages to the configured syslog servers. By default, the management server enables syslog.

    The Current Status field displays the status of the syslog server. The choices are: Running or Stopped. An error status is displayed if one of the following occurs:

    • One of the configured and enabled syslog servers includes a host name that cannot be resolved.

    • The management server is stopped.

    • An internal error occurred. If this error occurs, contact Enterasys Technical Support.

  4. From Manage Syslog Servers, click Add.

    The Syslog Configuration window is displayed.

  5. Type values for the following parameters:

    • Syslog Server (IP Address/Hostname) Type the IP address or host name of the syslog server where events are sent.

    Note:

    Configured syslog servers use the DNS names and DNS suffixes configured in the Server initialization and Setup Wizard on the HWMH Config Shell.

    • Port Number - Type the port number of the syslog server to which HWMH sends events. The default is 514.

    • Message Format Select Plain Text as the format for sending events.

    • Enabled? Select Enabled? if you want events to be sent to this syslog server.

  6. Save your configuration.

    The configuration is complete. The log source is added to JSA as HiGuard events are automatically discovered. Events that are forwarded to JSA by Enterasys HiGuard are displayed on the Log Activity tab of JSA.

Syslog Log Source Parameters for Extreme HiGuard

If JSA does not automatically detect the log source, add a Extreme HiGuard log source on the JSA Console by using the syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect syslog events from Extreme HiGuard:

Table 1: Syslog Log Source Parameters for the Extreme HiGuard DSM

Parameter

Value

Log Source type

Extreme HiGuard

Protocol Configuration

Syslog

Log Source Identifier

Type the IP address or host name for the log source as an identifier for events from your Extreme HiGuard devices.