HPE Switch

HPE (Hewlett Packard Enterprise) switches offer enterprise-grade networking solutions with flexibility, scalability, and robust security features. They provide essential enterprise features like VLAN support, QoS, and IPv4/IPv6 routing, ensuring efficient performance and management.

This pack includes Cortex XSIAM content.

Configuration on HPE Switches

This section describes the basic mandatory steps you should perform on an HPE switch device in order to forward its audited logs to Cortex XSIAM via Syslog.

Configure Syslog forwarding

HPE's switches support forwarding the audited messages to a remote Syslog server. This is done via the logging command.

Follow these steps to configure forwarding of event logs from an HPE switch to a Cortex XSIAM Syslog Broker VM over UDP:

  1. Connect to the switch CLI (Command Line Interface).
  2. Type enable to move from the Operator Level mode to Manager Level mode, followed by the Manager Level password if prompted.
  3. Type config to enter the Global Configuration command mode.
  4. Type logging <IP> udp <PORT> where <IP> and <PORT> are the corresponding IP address and port of the target Cortex XSIAM Syslog Broker VM.
  5. Type write memory to commit the updated configuration settings to the startup configuration file.
  6. Type exit to leave the Global Configuration command mode and return to the Manager Level command mode.
  7. Type exit again to terminate the Manager Level mode session.

Example

Below is an example execution of the commands above for forwarding messages over UDP to a syslog server with IP 192.168.1.10 on the default UDP port 514:

   HP Switch> enable
   Password:
   HP Switch# configure
   HP Switch(config)# logging 192.168.1.10 udp 514
   HP Switch(config)# write memory
   HP Switch(config)# exit
   HP Switch# exit

Remark

For additional examples and command options, such as setting the logging severity level, restricting logging to certain event IDs, and forwarding syslog messages over TCP or TLS, see HPE's Remote Syslog logging command reference.
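A switch that forwards to the wrong address, port, or transport fails silently, so it is worth auditing saved switch configurations against the Broker VM listener settings. The following Python script is an added example, not part of the content pack or HPE's tooling. It assumes that TCP and TLS destinations use the same positional form as the UDP command shown above and that a bare `logging <IP>` line means UDP on port 514; the function names, the lowercase `udp`/`tcp`/`tls` values, and the sample configs are constructed for illustration.

```python
import re

# Destination form from this page: logging <IP> udp <PORT>.
# Assumptions: tcp/tls use the same positional form, and a bare
# "logging <IP>" means UDP on the default port 514.
DEST_RE = re.compile(
    r"^\s*logging\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"(?:\s+(?P<proto>udp|tcp|tls)(?:\s+(?P<port>\d+))?)?\s*$",
    re.IGNORECASE,
)

def parse_destinations(config_text):
    """Return (ip, proto, port) for every syslog destination line."""
    found = []
    for line in config_text.splitlines():
        m = DEST_RE.match(line)
        if m:
            proto = (m.group("proto") or "udp").lower()
            port = int(m.group("port")) if m.group("port") else (514 if proto == "udp" else None)
            found.append((m.group("ip"), proto, port))
    return found

def audit(config_text, broker_ip, broker_proto, broker_port):
    """Compare a switch config with the Broker VM Syslog listener settings."""
    to_broker = [d for d in parse_destinations(config_text) if d[0] == broker_ip]
    if not to_broker:
        return ["MISMATCH: no logging destination points at the Broker VM"]
    findings = []
    for _ip, proto, port in to_broker:
        if proto != broker_proto:
            findings.append(f"MISMATCH: switch sends {proto}, listener expects {broker_proto}")
        if port != broker_port:
            findings.append(f"MISMATCH: switch sends to port {port}, listener is on {broker_port}")
        if proto == "udp":
            findings.append("NOTE: UDP syslog is unencrypted and unacknowledged")
    return findings

# Constructed sample configs (not captured from real devices).
SAMPLES = {
    "sw-ok": 'hostname "sw-ok"\nlogging 192.168.1.10 udp 514\n',
    "sw-port": 'hostname "sw-port"\nlogging 192.168.1.10 udp 5514\n',
    "sw-other": 'hostname "sw-other"\nlogging 10.0.0.5 udp 514\n',
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        for finding in audit(cfg, "192.168.1.10", "udp", 514) or ["OK"]:
            print(f"{name}: {finding}")
```

Run it against the text of each switch's saved configuration; any MISMATCH line means events from that switch will not reach the Syslog app as configured.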

Configuration on Cortex XSIAM

In order to use the collector, use the Broker VM option.

Broker VM

To create or configure the Broker VM, use the information described here.

You can configure the specific vendor and product for this instance.

  1. Navigate to Settings > Configuration > Data Broker > Broker VMs.
  2. Go to the APPS column under the Brokers tab and add the Syslog app for the relevant broker instance. If the Syslog app already exists, hover over it and click Configure.
  3. Click Add New.
  4. When configuring the Syslog Collector, set the following parameters:
    | Parameter | Value
    | :--- | :---
    | Protocol | Select the transport protocol configured on the HPE switch devices to forward messages to this Broker VM: UDP, TCP, or Secure TCP (TLS).
    | Port | Enter the syslog service port that Cortex XSIAM Broker VM should listen on for receiving streamed syslog events from HPE switch devices.
    | Format | Select Auto-Detect.
    | Vendor | Enter HPE.
    | Product | Enter Switch.
  5. Click Done.

PLATFORMS

Cortex XSIAM

INFO

Supported By: Cortex
Created: June 30, 2024
Last Release: July 3, 2024