AlienVault® USM Anywhere™

Extreme Networks SummitX and Black Diamond

When you configure Extreme Networks SummitX and Black Diamond Switches to send log data to USM Anywhere, you can use the Extreme Networks SummitX and Black Diamond Switches plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor: Extreme Networks
Device Type: Switch
Connection Type: Syslog

Integrating Extreme Networks SummitX and Black Diamond Switches

Before you configure the Extreme Networks SummitX and Black Diamond Switches integration, you must have the IP Address of the USM Anywhere Sensor.

To configure Extreme Networks SummitX and Black Diamond Switches to send Syslog messages to USM Anywhere:

  1. Enable remote logging by running the following command:

    enable syslog

  2. Configure remote logging by running the following command:

    config syslog <USM Anywhere IP Address> <facility> {<priority>} {<subsystem>}

  3. In addition to the USM Anywhere IP address, the other parameters specified with the syslog command include:

    • facility: The syslog facility level for local use. Options include local0 through local7.
    • priority: Specifies the severity level of Syslog messages directed to USM Anywhere. Syslog filters the log to only include messages with the selected priority level or higher priority (more critical messages). Priorities include critical, warning, and informational. If a priority is not specified, only critical priority messages will be sent to the syslog host.
    • subsystem: When specified, filters the log to only include messages associated with the selected switch subsystem. Subsystems include Syst, STP Brdg, SNMP, Telnet, VLAN, and Port. If a subsystem is not specified, all subsystem messages are sent to the syslog host.
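
To confirm that what arrives at the sensor matches the facility and priority you configured, you can decode the syslog PRI value at the start of each received message. The following is an added example, not part of the vendor or AlienVault documentation: it assumes you have captured raw syslog lines with the leading `<PRI>` intact, uses the standard syslog numbering (PRI = facility × 8 + severity), and the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Standard syslog numbering: PRI = facility * 8 + severity.
FACILITY = {f"local{i}": 16 + i for i in range(8)}  # local0..local7
# The three priorities named on this page, as standard syslog severities.
SEVERITY = {"critical": 2, "warning": 4, "informational": 6}
PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility_code, severity_code) from a leading <PRI>, or None."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is 23 * 8 + 7
        return None
    return divmod(pri, 8)


def check_line(line, facility, priority="critical"):
    """Classify one line; priority defaults to critical, as on the switch."""
    decoded = decode_pri(line)
    if decoded is None:
        return "no-pri"
    fac, sev = decoded
    if fac != FACILITY[facility]:
        return "wrong-facility"
    # Lower severity number = more critical; the filter passes that and above.
    if sev > SEVERITY[priority]:
        return "below-priority"
    return "ok"


def audit(lines, facility, priority="critical"):
    """Count how many captured lines fall into each category."""
    return Counter(check_line(line, facility, priority) for line in lines)


# Constructed sample input (message bodies are placeholders, not real switch logs).
SAMPLE = [
    "<130>constructed message, local0.critical",
    "<132>constructed message, local0.warning",
    "<134>constructed message, local0.informational",
    "<154>constructed message, local3.critical",
    "constructed message with no PRI header",
]

if __name__ == "__main__":
    print(dict(audit(SAMPLE, "local0", "warning")))
```

Lines reported as wrong-facility or below-priority indicate that the switch configuration differs from what you expect, or that another device is sending to the same sensor.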

Plugin Enablement

For plugin enablement information, see Manual Plugin Management.

Available Plugin Fields

The following plugin fields are important attributes extracted from the syslog message. USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.

  • application_protocol
  • audit_reason
  • customfield_0
  • customfield_1
  • customheader_0
  • customheader_1
  • destination_address
  • destination_port
  • device_facility
  • event_name
  • event_outcome
  • event_severity
  • rep_device_rule_id
  • source_address
  • source_process_commandline
  • source_username
  • timestamp_occured

Additional Resources and Troubleshooting

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-a-syslog-server

For troubleshooting, see the vendor documentation.