
Brocade Switch

Modeling Rules for the Brocade Switch logs collector


This pack includes XSIAM content.

Configuration on Server Side

This section describes the configuration that needs to be done on Brocade Fabric OS switch appliances in order to forward their event logs to Cortex XSIAM Broker VM via syslog.

Syslog Forwarding Configuration

Brocade Fabric OS switches support forwarding the audited events to a remote syslog server. The syslog forwarding configuration is done via the syslogAdmin command.

To add the Cortex XSIAM Broker VM as a syslog server, run the following command on the switch appliance CLI (Command Line Interface), replacing <IP> and <Port> with the IP address (or hostname) and port of the target XSIAM Syslog Broker VM:

   syslogadmin --set -ip <IP> -port <Port>

For example, the following command sets syslog forwarding over UDP (the default) to the Cortex XSIAM Broker VM which has IP address 10.1.2.3 on the default 514 syslog port:

   switch:admin> syslogadmin --set -ip 10.1.2.3 -port 514

To validate the configuration, run the following command to display all the configured syslog servers:

   switch:admin> syslogadmin --show -ip

For additional details and configuration options, such as setting the syslog facility level or using TLS for forwarding the logs via a secure channel over TCP, see the following links:

Collect Events from Vendor

In order to use the collector, use the Broker VM option.

Broker VM

You will need to use the information described here.

You can configure the specific vendor and product for this instance.

  1. Navigate to Settings > Configuration > Data Broker > Broker VMs.
  2. Go to the apps tab and add the Syslog app for the relevant broker instance. If the Syslog app already exists, hover over it and click Configure.
  3. Click Add New.
  4. When configuring the Syslog Collector, set the following parameters:
    | Parameter | Value
    | :--- | :---
    | Protocol | Select UDP for the default forwarding, or Secure TCP if the syslog forwarding on the Brocade switch appliance was defined with the -secure option (see SyslogAdmin command reference).
    | Port | Enter the syslog service port that Cortex XSIAM Broker VM should listen on for receiving forwarded events from Brocade Fabric OS switch appliances. (This should be aligned with the -port operand used on the switch appliance when running the SyslogAdmin command as described in the Syslog Forwarding Configuration section).
    | Vendor | Enter Brocade.
    | Product | Enter Switch.
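
A pre-flight check for the alignment rule in the table above, as an added example that is not part of the pack or of Cortex XSIAM: it parses the `syslogadmin --set` line you intend to run and compares it with the Syslog Collector row. The `collector` dictionary and its key names are hypothetical stand-ins for the values entered in the Broker VM UI, and only the `-ip`, `-port` and `-secure` operands named on this page are modelled.

```python
import shlex

def parse_syslogadmin_set(command):
    """Extract -ip, -port and -secure from a 'syslogadmin --set' line."""
    tokens = shlex.split(command)
    if tokens and tokens[0].endswith(">"):   # pasted prompt, e.g. 'switch:admin>'
        tokens = tokens[1:]
    if tokens[:2] != ["syslogadmin", "--set"]:
        raise ValueError("expected a 'syslogadmin --set' command")
    parsed = {"ip": None, "port": None, "secure": False}
    rest = iter(tokens[2:])
    for tok in rest:
        if tok == "-ip":
            parsed["ip"] = next(rest, None)
        elif tok == "-port":
            value = next(rest, "")
            if not value.isdigit():
                raise ValueError("-port needs a numeric value")
            parsed["port"] = int(value)
        elif tok == "-secure":
            parsed["secure"] = True
        # Other operands are not modelled here and are skipped.
    return parsed

def check_alignment(command, collector):
    """Return a list of mismatches; an empty list means both sides agree."""
    sw = parse_syslogadmin_set(command)
    problems = []
    want_proto = "Secure TCP" if sw["secure"] else "UDP"
    if collector["protocol"] != want_proto:
        problems.append(f"protocol: switch implies {want_proto}, "
                        f"collector has {collector['protocol']}")
    if sw["port"] is None:
        problems.append("port: no -port on the switch side to compare")
    elif sw["port"] != collector["port"]:
        problems.append(f"port: switch sends to {sw['port']}, "
                        f"collector listens on {collector['port']}")
    if (sw["ip"] or "").lower() != collector["broker_address"].lower():
        problems.append(f"ip: switch targets {sw['ip']}, "
                        f"Broker VM is {collector['broker_address']}")
    if (collector["vendor"], collector["product"]) != ("Brocade", "Switch"):
        problems.append("vendor/product: expected Brocade / Switch")
    return problems

# Constructed sample values, reusing the page's 10.1.2.3:514 example;
# the 6514 port in the second command is also constructed.
COLLECTOR = {"broker_address": "10.1.2.3", "protocol": "UDP", "port": 514,
             "vendor": "Brocade", "product": "Switch"}

if __name__ == "__main__":
    for line in ("switch:admin> syslogadmin --set -ip 10.1.2.3 -port 514",
                 "syslogadmin --set -ip 10.1.2.3 -port 6514 -secure"):
        print(line, "->", check_alignment(line, COLLECTOR) or "aligned")
```
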

Publisher: Cortex

Platforms: Cortex XSIAM

Supported By: Cortex
Created: June 14, 2022
Last Release: January 17, 2024
