Documentation Center
AlienVault® USM Appliance™

Avaya Media Gateway

When you configure Avaya Media Gateway to send log data to USM Appliance, you can use the Avaya Media Gateway plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor Avaya
Device Type Application Firewall
Connection Type Syslog
Data Source Name avaya-gateway
Data Source ID 1881

Integrating Avaya Media Gateway

Before you configure the Avaya Media Gateway integration, you must have the IP Address of the USM Appliance Sensor.

To configure Avaya Media Gateway to send Syslog messages to USM Appliance

You can define up to three Syslog servers. The steps to defining a Syslog server are the following:

  1. Run the set logging server command followed by the IP address of your USM Appliance.

    set logging server <USM Appliance IP Address>

  2. Enable the Syslog server by running the set logging server enable command followed by the IP address of your USM Appliance. When you define a new Syslog server, it is initially disabled, so you must use this command to enable the server.

    set logging server enable <USM Appliance IP Address>

  3. Optionally, define an output facility for the USM Appliance by running the set logging server facility command, followed by the name of the output facility and the IP address of the USM Appliance. If you do not define an output facility, the default facility, local7, is used.

    set logging server facility auth <USM Appliance IP Address>

  4. Optionally, limit access to the USM Appliance output by running the set logging server access-level command, followed by an access level (read-only, read-write, or admin) and the IP address of USM Appliance. If you do not define an access level, the default level, read-write, is used. Only messages with the appropriate access level are sent to the Syslog output.

    set logging server access-level read-only <USM Appliance IP Address>

  5. Optionally, define filters to limit the types of messages received.
  6. Disabling syslog servers

    To disable an existing Syslog server, run the following command:

    set logging server disable <USM Appliance IP Address>

    Deleting syslog servers

    You can delete a Syslog server from the Syslog server table by running the following command:

    clear logging server <USM Appliance IP Address>

    Displaying the status of the syslog server

    To view the status of an existing Syslog server, run the show logging server condition command followed by the IP address of your USM Appliance. If you do not specify an IP address, the command displays the status of all defined Syslog servers.

    show logging server condition <USM Appliance IP Address>

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://downloads.avaya.com/css/P8/documents/100059399

For troubleshooting, see the vendor documentation.