Device Integration: Cisco Wireless LAN Controller (WLC)



Similar documents
Device Integration: Citrix NetScaler

Device Integration: CyberGuard SG565

Device Integration: Checkpoint Firewall-1

How to send s triggered by events

AlienVault. Unified Security Management 5.x Configuration Backup and Restore

Monitoring VMware ESX Virtual Switches

How to configure High Availability (HA) in AlienVault USM (for versions 4.14 and prior)

AlienVault. Unified Security Management 5.x Configuring a VPN Environment

AlienVault Unified Security Management Solution Complete. Simple. Affordable Life Cycle of a log

Suricata IDS. What is it and how to enable it

AlienVault Unified Security Management (USM) x. Configuring High Availability (HA)

SYSTEM BACKUP AND RESTORE (AlienVault USM 4.8+)

Deploying HIDS Client to Windows Hosts

AlienVault Unified Security Management (USM) 4.x-5.x. Deploying HIDS Agents to Linux Hosts

MCNC Webinar Series. Syslog

AlienVault. Unified Security Management (USM) 5.1 Running the Getting Started Wizard

Module 1: Overview. Module 2: AlienVault USM Solution Deployment. Module 3: AlienVault USM Basic Configuration

AlienVault Offline Key Activation

User Management Guide

The SIEM Evaluator s Guide

AlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide

AlienVault. Unified Security Management x Offline Update and Software Restoration Procedures

How To Analyze Logs On Aloha On A Pcode On A Linux Server On A Microsoft Powerbook (For Acedo) On A Macbook Or Ipad (For An Ubuntu) On An Ubode (For Macrocess

Assets, Groups & Networks

Netflow Collection with AlienVault Alienvault 2013

Collecting Windows logs using Snare

AlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals

Intrusion Detection in AlienVault

How to enable File Integrity Monitoring (FIM)

Syslog Server Configuration on Wireless LAN Controllers (WLCs)

AlienVault Installation Guide

Unified Security Management (USM) 5.2 Vulnerability Assessment Guide

AlienVault. Unified Security Management (USM) x Initial Setup Guide

Managing ACE Software Licenses

WMI Collecting Windows Logs

ipta iptables Log Analyzer Anders Sikvall ichimusai.org

RSA Security Analytics

RSA Security Analytics

WHAT IS LOG CORRELATION? Understanding the most powerful feature of SIEM

Unified Security Management and Open Threat Exchange

RSA Security Analytics

Network Management & Monitoring

RSA Event Source Configuration Guide. RSA Data Loss Prevention Suite

Web Authentication Proxy on a Wireless LAN Controller Configuration Example

Lab Configure Syslog on AP

PCI DSS Best Practices with Snare Enterprise Agents PCI DSS Best Practices with Snare Enterprise Agents

RSA Security Analytics

How To Configure Syslog over VPN

Volume SYSLOG JUNCTION. User s Guide. User s Guide

Microsoft Windows 2003 DNS Server for Wireless LAN Controller (WLC) Discovery Configuration Example

PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations

Asset Management Guide

Adaptive Log Exporter Users Guide

Configuring System Message Logging

To read more Linux Journal or start your subscription, please visit

Lab Load Balancing Across Multiple Paths

IBM Security QRadar SIEM Version MR1. Administration Guide

disect Systems Logging Snort alerts to Syslog and Splunk PRAVEEN DARSHANAM

Emerald. Network Collector Version 4.0. Emerald Management Suite IEA Software, Inc.

Working with ESX(i) Log Files

Web Proxy Auto Discovery (WPAD) Configuration Guide. Revision Warning and Disclaimer

RSA Event Source Configuration Guide. F5 Big-IP Local Traffic Manager

Implementation of escan Live Events with SYSLOG (CACTI)

CSE 265: System and Network Administration

NetIQ Sentinel Quick Start Guide

Network Metrics Content Pack for VMware vrealize Log Insight

Discover Security That s Highly Intelligent.

Configuring Right-To-Use Licenses

SOLUTION BRIEF. TIBCO LogLogic A Splunk Management Solution

Lab Configure Basic AP Security through IOS CLI

Cisco ASA. Administrators

Basic System. Vyatta System. REFERENCE GUIDE Using the CLI Working with Configuration System Management User Management Logging VYATTA, INC.

IBM Security QRadar SIEM Version MR1. Log Sources User Guide

RSA SIEM Partner Guide. Revision: H2CY10

An Open Source IPS. IIT Network Security Project Project Team: Mike Smith, Sean Durkin, Kaebin Tan

Using Symantec NetBackup with Symantec Security Information Manager 4.5

After you have created your text file, see Adding a Log Source.

Red Condor Syslog Server Configurations

RSA Event Source Configuration Guide

RSA Security Analytics

Configuring System Message Logging

This chapter explains a preparation for the use of RemoteControlService.

Configuring NetFlow Secure Event Logging (NSEL)

Network Instruments white paper

Government of Canada Managed Security Service (GCMSS) Annex A-7: Statement of Work - Security Information and Event Management (SIEM)

orrelog SNMP Trap Monitor Software Users Manual

Alarms. Understanding Alarms CHAPTER

F-SECURE MESSAGING SECURITY GATEWAY

Lab Advanced Telnet Operations

Tracking Network Changes Using Change Audit

ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example

Lab Configure IOS Firewall IDS

7750 SR OS System Management Guide

Configuring System Message Logging

Enterprise Manager. Version 6.2. Installation Guide

VMware vcenter Log Insight Security Guide

AlienVault Unified Security Management for Government v4.12 & CyberC4:Alert v4.12 Configuration for Common Criteria

Using Debug Commands

WLAN Security: Identifying Client and AP Security

Juniper Secure Analytics

Transcription:

Complete. Simple. Affordable Device Integration: Cisco Wireless LAN Controller (WLC) Copyright 2014 AlienVault. All rights reserved.

AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX Reputation Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM and OSSIM are trademarks or service marks of AlienVault.

CONTENTS 1. INTRODUCTION... 4 2. CISCO WLC INFORMATION... 4 3. CONFIGURING CISCO WLC TO SEND LOG DATA TO ALIENVAULT... 4 4. CONFIGURING ALIENVAULT TO RECEIVE LOGS FROM CISCO WLC... 5 5. CONFIGURING LOG FILE EXPIRATION... 5 6. HOW TO ENABLE THIS PLUGIN... 6 DC-00121 Edition 01 Copyright 2014 AlienVault. All rights reserved. Page 3 of 6

1. INTRODUCTION The objective of this document is to explain how to configure a Cisco WLC device to send log data to AlienVault USM. This document is related to the AlienVault document Data Source Plugin Management. The explanation about how to enable plugins can be found in that document. 2. CISCO WLC INFORMATION Device Name Device Vendor Device Type Data Source Name Connection Type Wireless LAN Controller Cisco Wireless Access Point Manager cisco-wlc syslog Data Source ID 1663 3. CONFIGURING CISCO WLC TO SEND LOG DATA TO ALIENVAULT Cisco WLC must be configured to send log data to an AlienVault Sensor over the Syslog protocol. 1. Connect to the WLC Console. 2. Enter Enable mode. 3. Enter the following commands: config logging syslog host <IP_AlienVault_Sensor> config logging syslog facility syslog config logging syslog level informational save config Y DC-00121 Edition 01 Copyright 2014 AlienVault. All rights reserved. Page 4 of 6

4. CONFIGURING ALIENVAULT TO RECEIVE LOGS FROM CISCO WLC Devices that send log data via Syslog require configuration of the Syslog service to process those incoming logs into a unique file destination. 1. Open the console on the AlienVault Appliance, or log in over Secure Shell (SSH) as the root user. 2. Select and accept the Jailbreak this appliance option to gain command line access. 3. Create a new configuration file to save incoming logs: nano w /etc/rsyslog.d/cisco-wlc.conf 4. Add the following line to the file, one for each Cisco WLC device you are sending logs from: if ($fromhost-ip == IP_Address_WLC ) then /var/log/cisco-wlc.log 5. End the file with this line: & ~ 6. Press Crtl+W to save the file and Ctrl+X to exit the editor. 7. Restart the Syslog Collector: /etc/init.d/rsyslog restart 5. CONFIGURING LOG FILE EXPIRATION Incoming logs will be processed by the Sensor and passed on to the SIEM Service. Keeping the raw log files on the sensor for more than a few days is unnecessary and they should be purged to maintain adequate free filesystem capacity. 1. Create a new log rotation configuration file. nano w /etc/logrotate.d/cisco-wlc 2. Add the follows content to the file: /var/log/cisco-wlc.log DC-00121 Edition 01 Copyright 2014 AlienVault. All rights reserved. Page 5 of 6

{ rotate 4 # save 4 days of logs daily # rotate files daily missingok notifempty compress delaycompress sharedscripts postrotate invoke-rc.d rsyslog reload > /dev/null endscript } 6. HOW TO ENABLE THIS PLUGIN This plugin is already configured, but it is necessary to enable it, through command line console or through the web interface. The instructions about how to enable this plugin can be found in the AlienVault document Data Source Plugin Management. DC-00121 Edition 01 Copyright 2014 AlienVault. All rights reserved. Page 6 of 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information