Enterasys Security Information and Event Manager (SIEM) Configuration Manual page 102

DSMs Configuration Guide

You are now ready to configure the log source SNMP protocol in SIEM. See Configuring SIEM.

For information on configuring SNMP in SIEM, see the Log Sources User Guide.

Creating a Policy with a Syslog Notification Rule

This procedure describes how to configure an Alarm Tool policy using a Syslog notification rule in the Log Event Extended Format (LEEF) message format. LEEF is the preferred message format for sending notifications to Dragon Network Defense when the notification rate is very high or when IPv6 addresses are displayed.

If you prefer not to use syslog notifications in LEEF format, refer to your Enterasys IPS documentation for more information.

NOTE
Use SNMPv3 notification rules if you need to transfer PDATA, which is a binary data element. Do not use a Syslog notification rule.

To configure Enterasys Dragon with an Alarm Tool policy using a syslog notification rule:

Step 1  Log in to the Enterasys Dragon EMS.

Step 2  Click the Alarm Tool icon.

Step 3  Configure the Alarm Tool Policy:
    a  In the Alarm Tool Policy View > Custom Policies menu tree, right-click and select Add Alarm Tool Policy.
       The Add Alarm Tool Policy window is displayed.
    b  In the Add Alarm Tool Policy field, type a policy name.
       For example: Enterasys Networks
    c  Click OK.
    d  In the menu tree, select Enterasys Networks.

Step 4  To configure the event group:
    a  Click the Events Group tab.
    b  Click New.
       The Event Group Editor is displayed.
    c  Select the event group or individual events to monitor.
    d  Click Add.
       A prompt is displayed.
    e  Click Yes.
    f  In the right column of the Event Group Editor, type Dragon-Events.
