Oracle Acme Packet Session Border Controller
You can use JSA to collect events from Oracle Acme Packet Session Border Controller (SBC) installations in your network.
The Oracle Acme Packet SBC installations generate events from syslog and SNMP traps. SNMP trap events are converted to syslog and all events are forwarded to JSA over syslog. JSA does not automatically discover syslog events that are forwarded from Oracle Communications SBC. JSA supports syslog events from Oracle Acme Packet SBC V6.2 and later.
To collect Oracle Acme Packet SBC events, you must complete the following tasks:
On your JSA system, configure a log source with the Oracle Acme Packet Session Border Controller DSM.
On your Oracle Acme Packet SBC installation, enable SNMP and configure the destination IP address for syslog events.
On your Oracle Acme Packet SBC installation, enable syslog settings on the media-manager object.
Restart your Oracle Acme Packet SBC installation.
Optional. Ensure that firewall rules do not block syslog communication between your Oracle Acme Packet SBC installation and the JSA console or managed host that collects syslog events.
Supported Oracle Acme Packet Event Types That Are Logged by JSA
The Oracle Acme Packet SBC DSM for JSA can collect syslog events from the authorization and the system monitor event categories.
Each event category can contain low-level events that describe
the action that is taken within the event category. For example,
authorization events can have low-level categories of login success
or login failed
.
Syslog Log Source Parameters for Oracle Acme Packet SBC
If JSA does not automatically detect the log source, add a Oracle Acme Packet SBC log source on the JSA Console by using the Syslog protocol.
When using the syslog protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect Syslog events from Oracle Acme Packet SBC:
Parameter |
Value |
---|---|
Log Source type |
Oracle Acme Packet SBC |
Protocol Configuration |
Syslog |
Log Source Identifier |
Type the IP address or host name for the log source as an identifier for events from your Oracle Acme Packet SBC installation. The log source identifier must be unique value. |
Configuring SNMP to Syslog Conversion on Oracle Acme Packet SBC
To collect events in a format compatible with JSA, you must enable SNMP to syslog conversion and configure a syslog destination.
Use SSH to log in to the command-line interface of your Oracle Acme Packet SBC installation, as an administrator.
Type the following command to start the configuration mode:
config t
Type the following commands to start the system configuration:
(configure)# system (system)# (system)# system-config (system-config)# sel
The sel command is required to select a single-instance of the system configuration object.
Type the following commands to configure your JSA system as a syslog destination:
(system-config)# syslog-servers (syslog-config)# address <QRadar IP address> (syslog-config)# done
Type the following commands to enable SNMP traps and syslog conversion for SNMP trap notifications:
(system-config)# enable-snmp-auth-traps enabled (system-config) # enable-snmp-syslog-notify enabled (system-config) # enable-snmp-monitor-traps enabled (system-config) # ids-syslog-facility 4 (system-config)# done
Type the following commands to return to configuration mode:
(system-config)# exit (system)# exit (configure)#