AlienVault® USM Anywhere™

Avaya Media Gateway

When you configure the Avaya Media Gateway integration to send log data to USM Anywhere, you can use the Avaya Media Gateway plugin to translate the raw log data into normalized events for analysis.

Device Details

Device vendor: Avaya
Device type: Media gateway
Connection type: syslog
Vendor link: https://downloads.avaya.com/css/P8/documents/100059399

Integrating Avaya Media Gateway

Before you configure the integration, you must have the IP address of the USM Anywhere Sensor.

Integration includes the following tasks.

Defining syslog Servers

You can define up to three syslog servers.

To configure Avaya Media Gateway to send log data to USM Anywhere

  1. Define the syslog server:

    set logging server <USM Anywhere IP Address>

    A newly defined syslog server is disabled by default, so you must enable it.

  2. Enable the syslog server:

    set logging server enable <USM Anywhere IP Address>

  3. (Optional) Define an output facility for the USM Anywhere Sensor, for example:

    set logging server facility auth <USM Anywhere IP Address>

    Note: If you don't enter a facility name, facility 7 is used by default.

  4. (Optional) Limit access to the USM Anywhere Sensor, for example:

    set logging server access-level read-only <USM Anywhere IP Address>

    Use one of the following access level options:

    • read-only
    • read-write
    • admin

    Note: If you don't select an access level, read-write is used by default.

    Only messages with the configured access level are sent to the syslog output.

  5. (Optional) Define filters to limit the types of messages received.
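
Added example (not part of the AlienVault or Avaya documentation): a receiver-side check that the facility set in step 3 is what actually arrives, done by decoding the syslog PRI value (facility × 8 + severity). The sample lines are constructed and carry a placeholder body, because this page does not show the gateway's message layout.

```python
import re

# Facility and severity names by numeric code (RFC 5424, section 6.2.1).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock", "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<([0-9]{1,3})>")


def decode_pri(raw):
    """Return (facility, severity) names, or None when the PRI is absent or invalid."""
    m = PRI_RE.match(raw)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is 23 * 8 + 7
        return None
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]


def facility_mismatches(lines, expected_facility):
    """Return (line_number, observed) for each line not sent with the expected facility."""
    out = []
    for n, raw in enumerate(lines, 1):
        decoded = decode_pri(raw)
        observed = decoded[0] if decoded else "invalid-pri"
        if observed != expected_facility:
            out.append((n, observed))
    return out


# Constructed sample input; only the leading PRI matters for this check.
SAMPLE = [
    "<38>constructed sample message body",   # 4*8 + 6  -> auth.info
    "<36>constructed sample message body",   # 4*8 + 4  -> auth.warning
    "<190>constructed sample message body",  # 23*8 + 6 -> local7.info
    "constructed sample message without a PRI",
]

if __name__ == "__main__":
    for line_no, observed in facility_mismatches(SAMPLE, "auth"):
        print(f"line {line_no}: expected auth, got {observed}")
```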

Disabling a syslog Server

The syslog server in this case is the USM Anywhere Sensor you are associating with the plugin.

To disable a syslog server

set logging server disable <USM Anywhere IP Address>

Deleting a syslog Server

The syslog server in this case is the USM Anywhere Sensor you are associating with the plugin.

To delete a syslog server

clear logging server <USM Anywhere IP Address>

Displaying syslog Server Status

The syslog server in this case is the USM Anywhere Sensor you are associating with the plugin.

To display the status of the syslog server

show logging server condition <USM Anywhere IP Address>

Plugin Enablement

The Avaya Media Gateway plugin automatically processes all messages whose raw message tag matches "mediagateway.g450".

Available Plugin Fields

The following plugin fields are important attributes extracted from the syslog message. USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.

  • application_protocol
  • customfield_0
  • customfield_1
  • customheader_0
  • customheader_1
  • destination_address
  • event_category
  • event_description
  • event_name
  • event_severity
  • source_address
  • source_username

Troubleshooting

For troubleshooting, refer to the vendor documentation:

http://downloads.avaya.com/css/P8/documents/100015080