Documentation Center
AlienVault® USM Anywhere™

Brocade Router or Switch

When you configure the Brocade Router or Switch integration to send log data to USM Anywhere, you can use the Brocade Router or Switch plugin to translate the raw log data into normalized events for analysis.

Device Details
Device vendor Brocade
Device type Router/Switch
Connection type syslog
Vendor link http://www.brocade.com/content/html/en/command-reference-guide/nos-602-commandref/GUID-E6AE512A-6F10-4555-8A66-C1A0906F70DB.html

Brocade Router or Switch Integration

Before you configure the integration, you must have the IP Address of the USM AnywhereUSM Appliance Sensor.

Use this command to configure a switch to forward all error log entries to one or more specified servers. You can configure up to four syslog servers.

To configure Brocade to send log data over syslog to USM Anywhere

  • In global configuration mode, configure a router/switch to forward system messages to the USM Anywhere Sensor :

    logging syslog-server <USM Anywhere Sensor-IP_address> [use-vrf <vrf-name> [ secure ]

    Where:

    use-vrf = Specifies a specific VRF.

    vrf-name = A VRF instance (For details, see the Brocade Usage Guidelines.)

    secure = Configures a secure default (port 514) or specified nondefault syslog server port. A secure port number with default values is not shown in the Brocade Network OS database.

Plugin Enablement

For plugin enablement information, see Manual Plugin Management.

Available Plugin Fields

The plugin fields listed below are important attributes extracted from the syslog message. These fields are used in USM Anywhere reports and can be referenced when creating custom reports. In addition to reporting, the fields are also used by the USM Anywhere correlation rules.

  • application_protocol
  • customfield_0
  • customfield_1
  • customheader_0
  • customheader_1
  • destination_hostname
  • destination_vpn
  • device_inbound_interface
  • event_description
  • event_name
  • session
  • source_address
  • source_mac
  • source_username
  • transport_protocol

Troubleshooting

For troubleshooting, refer to the vendor documentation:

http://www.brocade.com/content/html/en/troubleshooting-guide/fos-740-troubleshooting/index.html