Avaya Aura Communication Manager
This pack includes Cortex XSIAM content.
Configuration on Server Side
This section describes the configuration that needs to be done on Avaya Aura Communication Manager in order to forward its event logs to Cortex XSIAM Broker VM via syslog.
Follow the steps below:
- Log in to Communication Manager System Management Interface.
- On the Administration menu, click Server (Maintenance).
- In the left navigation pane, under Security, click Server Log Files and do the following:
- In
Enabledselect Yes. - In
Protocolclick the transport protocol that would be used to transfer the syslog messages: UDP, TCP or TLS. - In
Portenter the syslog service port that the target Cortex XSIAM Broker VM is listening on for receiving forwarded events from Avaya Aura Communication Manager. - In
Server IP/FQDNtype the IP address of the target Cortex XSIAM Syslog Broker VM.
- In
- Click Submit.
See Avaya Aura Configuring syslog server guide for additional details.
Collect Events from Vendor
In order to use the collector, use the Broker VM option.
Broker VM
You will need to use the information described here.
You can configure the specific vendor and product for this instance.
Navigate to Settings → Configuration → Data Broker → Broker VMs.
Go to the APPS column under the Brokers tab and add the Syslog app for the relevant broker instance. If the Syslog app already exists, hover over it and click Configure.
Click Add New.
When configuring the Syslog Collector, set the following parameters:
Parameter Value ProtocolSelect the protocol in correspondence to the protocol that was defined for syslog forwarding on Avaya Aura Communication Manager - UDP, TCP or Secure TCP if the syslog forwarding on the Communication Manager was defined with TLS. PortEnter the syslog service port that Cortex XSIAM Broker VM should listen on for receiving forwarded events from Avaya Aura Communication Manager. VendorEnter Avaya. ProductEnter Communicaton_Manager.
