Host-Side Configuration; Configure The Syslog On The Unix Host; Mars-Side Configuration; Add Configuration Information For The Enterasys Dragon - Cisco CS-MARS-20-K9 - Security MARS 20 User Manual

Security mars local controller

Enterasys Dragon 6.x
User Guide for Cisco Security MARS Local Controller, 78-17020-01
Chapter 6: Configuring Network-based IDS and IPS Devices, page 6-34

b. Facility - Make sure the localn you select is not in use by the syslog daemon.
c. Level - Select Debug.
d. Message - Make sure it is in this format:

    %TIME% %DATE% SigName=%NAME% from Sensor=%SENSOR%
    ScrIP=%SIP% DstIP=%DIP% SrcPort=%SPORT% DstPort=%DPORT%
    Protocol=%PROTO%

Step 5
Click Save.
Step 6
In the left menu, click Alarm.
Step 7
Set the Type to Real-time and the Notification Rule to syslog.
Step 8
Click Save.
Step 9
In the left menu, click Deployment.
Step 10
In the main screen, click View Configuration. Make sure the localn set in both notify syslog and alarm syslog match.
Step 11
In the main screen, click Deploy and Reset to confirm the configuration change.

Host-side Configuration

Configure the syslog on the UNIX host

Step 1
Log in to the host as the root user.
Step 2
On the same system running the DPM or EFP, edit the file /etc/syslog.conf.
Step 3
Make sure n in localn matches the syslog entry you used on the DPM or EFP.
Step 4
Add the line:

    localn.*    @<mars ip address>

Replace n with the value used in Step 3 and <mars ip address> with the IP address of the MARS Appliance.
Step 5
Restart the syslog daemon by entering:

    /etc/rc.d/rc.syslog restart

MARS-side Configuration

Add Configuration Information for the Enterasys Dragon

Step 1
Click Admin > System Setup > Security and Monitor Devices > Add.
Step 2
From the Device Type list, select Add SW Security apps on a new host or Add SW security apps on existing host.
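
One way to verify the host-side /etc/syslog.conf edit before restarting the syslog daemon, as an added example that is not part of the Cisco manual: the hypothetical helper check_mars_forward confirms that the localn forwarding line to the MARS Appliance is present exactly once and that no other rule uses the same localn facility. The sample configuration and the address 192.0.2.10 are constructed.

```shell
#!/bin/sh
# Added example, not from the manual. check_mars_forward is a hypothetical helper.
# Usage: check_mars_forward <syslog.conf path> <n> <MARS IP>
# Exit 0 only if the file has exactly one active "local<n>.*  @<MARS IP>" line
# and no other active selector names local<n>. Wildcard (*) facilities are not flagged.
check_mars_forward() {
    awk -v fac="local$2" -v dest="@$3" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        {
            uses = 0
            nsel = split($1, sels, ";")        # selector list: fac[,fac].prio[;...]
            for (i = 1; i <= nsel; i++) {
                dot = index(sels[i], ".")
                if (dot == 0) continue
                if (substr(sels[i], dot + 1) == "none") continue  # exclusion, not a use
                nfac = split(substr(sels[i], 1, dot - 1), facs, ",")
                for (j = 1; j <= nfac; j++) if (facs[j] == fac) uses = 1
            }
            if (!uses) next
            if ($1 == (fac ".*") && $2 == dest) forward++
            else { printf "line %d: %s is also used here: %s\n", NR, fac, $0; other++ }
        }
        END {
            if (forward != 1)
                printf "expected one \"%s.*  %s\" line, found %d\n", fac, dest, forward
            exit !(forward == 1 && other == 0)
        }' "$1"
}

# Constructed sample: local4 forwards to MARS but is also written to a local file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed syslog.conf fragment
*.info;local4.none    /var/log/messages
local4.*              @192.0.2.10
local4.debug          /var/log/dragon.log
EOF
if check_mars_forward "$sample" 4 192.0.2.10; then
    echo "syslog.conf OK for local4"
else
    echo "syslog.conf needs fixing for local4"
fi
rm -f "$sample"
```
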


This manual is also suitable for:

Mars 20, Mars 50, Mars 100, Mars 200