Configuring your Extreme 800-Series Switch

Configure the Extreme 800-Series Switch to forward syslog events to QRadar.

About this task

To manually configure the Extreme 800-Series Switch:

Procedure

  1. Log in to your Extreme 800-Series Switch command-line interface.

    You must be a system administrator or operator-level user to complete these configuration steps.

  2. Type the following command to enable syslog:

    enable syslog

  3. Type the following command to create a syslog address for forwarding events to QRadar:

    create syslog host 1 <IP address> severity informational facility local7 udp_port 514 state enable

    Where: <IP address> is the IP address of your QRadar Console or Event Collector.

  4. Optional: Type the following command to forward syslog events by using an IP interface address:

    create syslog source_ipif <name> <IP address>

    Where:

    • <name> is the name of your IP interface.
    • <IP address> is the IP address of your QRadar Console or Event Collector.

    The configuration is complete. QRadar automatically discovers events from the Extreme 800-Series Switch and adds the log source. Events that Extreme 800-Series Switches forward to QRadar are displayed on the Log Activity tab of QRadar.
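
To confirm that what arrives on UDP port 514 matches the settings in step 3, the following added example (not part of the original procedure or of any Extreme or QRadar tooling) decodes the syslog `<PRI>` header and checks it against facility local7 and severity informational. It assumes that the severity setting means "informational and more severe"; the sample payloads, host names and message text are constructed for illustration.

```python
import re

# Values from the switch command in step 3: facility local7, severity informational.
EXPECTED_FACILITY = 23      # local7 in the standard syslog facility numbering
MAX_SEVERITY = 6            # informational; lower numbers are more severe (assumed filter)

SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def decode_pri(datagram: bytes):
    """Return (facility, severity) from the leading <PRI>, or None if absent/invalid."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:            # highest valid PRI is 23 * 8 + 7
        return None
    return divmod(pri, 8)    # PRI = facility * 8 + severity

def check_datagram(datagram: bytes) -> str:
    """Classify one syslog payload against the configuration in step 3."""
    decoded = decode_pri(datagram)
    if decoded is None:
        return "malformed: no valid <PRI> header"
    facility, severity = decoded
    if facility != EXPECTED_FACILITY:
        return f"unexpected facility {facility} (expected local7/23)"
    if severity > MAX_SEVERITY:
        return f"unexpected severity {SEVERITIES[severity]} (host filter is informational)"
    return f"ok: local7.{SEVERITIES[severity]}"

# Constructed sample payloads (not captured from a real switch).
SAMPLES = [
    b"<190>Jan  1 00:00:10 switch-a INFO: Port 5 link up",
    b"<187>Jan  1 00:00:11 switch-a ERR: Login failed",
    b"<191>Jan  1 00:00:12 switch-a DEBUG: trace",
    b"<134>Jan  1 00:00:13 other-host INFO: something",
    b"Jan  1 00:00:14 switch-a no priority header",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_datagram(s), "|", s.decode(errors="replace"))
```

Payloads taken from a packet capture on the QRadar Console or Event Collector can be passed to `check_datagram` in place of `SAMPLES`.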