A10 Networks Load Balancer




McAfee Enterprise Security Manager
Data Source Configuration Guide
Data Source: A10 Networks Load Balancer
January 26, 2015

A10 Networks Load Balancer Page 1 of 8

Important Note: The information contained in this document is confidential and proprietary. Please do not redistribute without permission.

Table of Contents

1 Introduction
2 Prerequisites
3 Specific Data Source Configuration Details
  3.1 A10 Load Balancer Configuration
  3.2 McAfee Receiver Configuration
4 Data Source Event to McAfee Field Mappings
  4.1 Log Format
  4.2 Log Sample
  4.3 Mappings
5 Appendix A - Generic Syslog Configuration Details
6 Appendix B - Troubleshooting

1 Introduction

This guide details how to configure A10 Networks AX series devices to send syslog data in the proper format to the ESM.

2 Prerequisites

McAfee Enterprise Security Manager Version 8.4.2 and above.

In order to configure the A10 Networks AX series device Syslog service, appropriate administrative level access is required to perform the necessary changes documented below.

3 Specific Data Source Configuration Details

3.1 A10 Load Balancer Configuration

There are two ways in which to configure the Syslog service to send information to your McAfee Receiver. The first is to use the GUI (Graphical User Interface) and the second is to use the CLI (Command Line Interface). Both methods are described below.

GUI (Graphical User Interface) Configuration Method:

1. Log into the GUI.
2. Select Config > System > Settings.
3. In the menu bar, select Log.
4. In the Log Server field enter the IP address of your McAfee Receiver.
5. Ensure that the Log Server Port is set to 514.
6. Leave all other settings at their default values.
7. Click OK.

CLI (Command Line Interface) Configuration Method:

1. Log into the CLI.
2. Type:

   logging syslog 5
   logging host <IP address of McAfee Receiver> port 514

3.2 McAfee Receiver Configuration

After successfully logging into the McAfee ESM console the data source will need to be added to a McAfee Receiver in the ESM hierarchy.

1. Select the Receiver you are applying the data source setting to.
2. Select the Receiver properties.
3. From the Receiver Properties listing, select Data Sources.
4. Select Add Data Source.

OR

1. Select the Receiver you are applying the data source setting to.
2. After selecting the Receiver, select the Add Data Source icon.

Data Source Screen Settings

1. Data Source Vendor - A10 Networks
2. Data Source Model - Load Balancer
3. Data Format - Default
4. Data Retrieval - SYSLOG (Default)
5. Enabled: Parsing/Logging/SNMP Trap - <Defaults>
6. Name - Name of data source
7. IP Address/Hostname - The IP address and host name associated with the data source device.
8. Syslog Relay - <Enable>
9. Mask - <Default>
10. Require Syslog TLS - Enable to require the Receiver to communicate over TLS.
11. Support Generic Syslogs - Do nothing
12. Time Zone - Time zone of data being sent.

Note: Refer to Appendix A for details on the Data Source Screen options.

4 Data Source Event to McAfee Field Mappings

4.1 Log Format

The expected format for this device is as follows:

   SYSLOG Header [log source] message

Please Note: Only standard logs from this device are supported by the McAfee ESM. However, custom logs generated by the AFLEX engine are not supported. Custom rules for this product may be created in the ESM, but how to create them is outside of the scope of this documentation.

4.2 Log Sample

This is a sample log from an A10 Networks AX series load balancer device:

System log:
   Oct 24 2014 01:02:03 Error [SYSTEM]NTP server us.pool.ntp.org is not reachable

AX log:
   Oct 24 2014 04:05:06 Error [AX] Unknown gzip error while decompressing packet

Logging log:
   Oct 24 2014 07:08:09 Error [LOGGING]Send log email to test.user@example.com failed.

Alternate delivery method:
   <13>a10logd: [SYSTEM]<6> User "admin" with session ID 1 successfully saved the running configuration

4.3 Mappings

The table below shows the mappings between the data source and McAfee ESM fields.

Pre 9.2.0:

   Log Fields                       McAfee ESM Fields
   -------------------------------  --------------------
   Log Source                       Application
   Server Name                      Domain
   SLB server, NTP Server           Hostname
   Error Type, Group Name, change   Object
   Email To address                 Destination Username
   User                             Source Username

9.2.0 and above:

   Log Fields                       McAfee ESM Fields
   -------------------------------  --------------------
   Log Source                       Application
   Server Name                      Domain
   SLB server, NTP Server           Hostname
   Error Type, change               Object
   Email To address                 Destination Username
   User                             Source Username
   Group Name                       Group_Name
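The two log shapes in section 4.2 and the field names in section 4.3, worked through as an added example (not part of the McAfee guide and not ESM's own parsing rules). The function name, the regular expressions and the choice of which message text feeds which ESM field are assumptions derived only from the four sample lines.

```python
import re

# The four sample lines from section 4.2, with their labels dropped.
SAMPLES = [
    "Oct 24 2014 01:02:03 Error [SYSTEM]NTP server us.pool.ntp.org is not reachable",
    "Oct 24 2014 04:05:06 Error [AX] Unknown gzip error while decompressing packet",
    "Oct 24 2014 07:08:09 Error [LOGGING]Send log email to test.user@example.com failed.",
    '<13>a10logd: [SYSTEM]<6> User "admin" with session ID 1 successfully saved the running configuration',
]

# Standard form: timestamp, level word, [log source], message.
STANDARD = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) (?P<level>\w+) "
    r"\[(?P<source>[A-Z]+)\] ?(?P<msg>.*)$")
# Alternate delivery form: syslog PRI, a10logd tag, [log source], <n>, message.
ALTERNATE = re.compile(
    r"^<(?P<pri>\d{1,3})>a10logd: \[(?P<source>[A-Z]+)\](?:<\d>)? ?(?P<msg>.*)$")

# ESM field names from section 4.3; the patterns are assumptions built from the samples.
FIELD_PATTERNS = {
    "Hostname": re.compile(r"NTP server (\S+)"),
    "Destination Username": re.compile(r"log email to (\S+@\S+?)\.? failed"),
    "Source Username": re.compile(r'User "([^"]+)"'),
}

def parse_a10(line):
    """Return a dict of ESM-style fields, or None if neither form matches."""
    m = STANDARD.match(line) or ALTERNATE.match(line)
    if m is None:
        return None
    groups = m.groupdict()
    event = {"Application": groups["source"], "message": groups["msg"]}
    if groups.get("pri") is not None:
        # Syslog PRI value = facility * 8 + severity
        event["facility"], event["severity"] = divmod(int(groups["pri"]), 8)
    else:
        event["timestamp"], event["level"] = groups["ts"], groups["level"]
    for field, pattern in FIELD_PATTERNS.items():
        hit = pattern.search(groups["msg"])
        if hit:
            event[field] = hit.group(1)
    return event

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_a10(sample))
```

Lines that return None match neither sample shape and are the ones to check against the "Support Generic Syslogs" setting.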

5 Appendix A - Generic Syslog Configuration Details

Once you select the option to add a data source, you are taken to the Add Data Source menu. The general options for adding a data source are shown. As you select different options, additional parameters may show. Each of these parameters will be examined in more detail.

1. Use System Profiles - System Profiles are a way to use settings that are repetitive in nature, without having to enter the information each time. An example is WMI credentials, which are necessary to retrieve Windows Event Logs if WMI is the chosen mechanism.
2. Data Source Vendor - List of all supported vendors.
3. Data Source Model - List of supported products for a vendor.
4. Data Format - Data Format is the format the data is in. Options are Default, CEF, and MEF.
   Note: If you choose CEF it will enable the generic rule for CEF and may not parse data source-specific details.
5. Data Retrieval - Data Retrieval allows you to select how the Receiver is going to collect the data. Default is over syslog.
6. Enabled: Parsing/Logging/SNMP Trap - Enables parsing of the data source, logging of the data source, and reception of SNMP traps from the data source. If no option is checked, the settings are saved to the ESM, but not written to the Receiver or utilized. Default is to select Parsing.
7. Name - This is the name that will appear in the Logical Device Groupings tree and the filter lists.
8. IP Address/Hostname - The IP address and host name associated with the data source device.
9. Syslog Relay - Syslog Relay allows data to be collected via relays and bucketed to the correct data source. Enable syslog relay on relay sources such as Syslog-NG.
10. Mask - Enables you to apply a mask to an IP address so that a range of IP addresses can be accepted.
11. Require Syslog TLS - Enable to require the receiver to communicate over TLS.
12. Support Generic Syslog - Generic Syslog allows users to select Parse generic syslog or Log unknown syslog event. Both these options will create an alert for an auto-learned syslog event if there is no parsing rule.
13. Time Zone - If syslog events are sent in a time zone other than GMT, you need to set the time zone of the data source so the date on the events can be set accordingly.
14. Interface - Opens the receiver interface settings to associate ports with streams of information.
15. Advanced - Opens advanced settings for the data source.

6 Appendix B - Troubleshooting

If a data source is not receiving events, verify that the data source settings have been written out and that policy has been rolled out to the Receiver.

If you see errors saying events are being discarded because the Last Time value is more than one hour in the future, or the values are incorrect, you may need to adjust the Time Zone setting.

Please Note: Standard logs from this device are supported by this data source. However, custom logs generated by the AFLEX engine are not supported. Custom rules for this product may be created in the ESM, but that is outside of the scope of this documentation.
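The Time Zone symptom in Appendix B, modelled as an added example (not from the McAfee guide and not the Receiver's actual logic). It assumes the A10 timestamp carries no zone, as in the section 4.2 samples, that the data source Time Zone is a whole-hour offset from GMT, and it applies the one-hour-in-the-future threshold exactly as the appendix words it; all function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

MAX_FUTURE = timedelta(hours=1)  # threshold quoted in Appendix B

def event_time_utc(stamp, configured_offset_hours):
    """Interpret a zone-less A10 timestamp using the data source Time Zone."""
    naive = datetime.strptime(stamp, "%b %d %Y %H:%M:%S")
    tz = timezone(timedelta(hours=configured_offset_hours))
    return naive.replace(tzinfo=tz).astimezone(timezone.utc)

def would_discard(stamp, configured_offset_hours, received_utc):
    """True when the interpreted event time is over one hour ahead of receipt."""
    ahead = event_time_utc(stamp, configured_offset_hours) - received_utc
    return ahead > MAX_FUTURE

def plausible_offsets(stamp, received_utc, max_lag=timedelta(minutes=5)):
    """Whole-hour offsets that place the event shortly before it was received."""
    hits = []
    for hours in range(-12, 15):
        lag = received_utc - event_time_utc(stamp, hours)
        if timedelta(0) <= lag <= max_lag:
            hits.append(hours)
    return hits

if __name__ == "__main__":
    # Constructed case: device clock runs on GMT+9 local time, and the
    # Receiver sees the section 4.2 system log line two seconds later.
    stamp = "Oct 24 2014 01:02:03"
    received = datetime(2014, 10, 23, 16, 2, 5, tzinfo=timezone.utc)
    print("left at GMT, discarded:", would_discard(stamp, 0, received))
    print("set to GMT+9, discarded:", would_discard(stamp, 9, received))
    print("offsets consistent with receipt time:", plausible_offsets(stamp, received))
```

A device west of GMT does not trip the discard rule when left at GMT; its events land hours in the past instead, which is the "values are incorrect" half of the same symptom.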