NXLog User Guide
- Introduction
- Deployment
- Configuration
- OS Support
- Integration
- 42. Amazon Web Services (AWS)
- 43. Apache HTTP Server
- 44. Apache NiFi
- 45. Apache Tomcat
- 46. APC Automatic Transfer Switch
- 47. Apple macOS kernel
- 48. ArcSight Common Event Format (CEF)
- 49. Box
- 50. Brocade switches
- 51. Browser History Logs
- 52. Check Point
- 53. Cisco ACS
- 54. Cisco ASA
- 55. Cisco FireSIGHT
- 56. Cisco IPS
- 57. Cloud Instance Metadata
- 58. Common Event Expression (CEE)
- 59. Dell EqualLogic
- 60. Dell iDRAC
- 61. Dell PowerVault MD series
- 62. Devo
- 63. DHCP logs
- 64. DNS Monitoring
- 65. Docker
- 66. Elastic Cloud
- 67. Elastic Common Schema (ECS)
- 68. Elasticsearch and Kibana
- 69. F5 BIG-IP
- 70. File Integrity Monitoring
- 71. FreeRADIUS
- 72. General Electric CIMPLICITY
- 73. Google Chronicle
- 74. Graylog
- 75. HP ProCurve
- 76. IBM QRadar SIEM
- 77. Industrial Control Systems
- 78. Kubernetes
- 79. Linux Audit System
- 80. Linux system logs
- 81. Log Event Extended Format (LEEF)
- 82. LogPoint
- 83. Logstash
- 84. McAfee Enterprise Security Manager (ESM)
- 85. McAfee ePolicy Orchestrator
- 86. Micro Focus ArcSight Logger
- 87. Microsoft Active Directory Domain Controller
- 88. Microsoft Azure
- 89. Microsoft Azure Event Hubs
- 90. Microsoft Azure Sentinel
- 91. Microsoft Defender for Identity
- 92. Microsoft Exchange
- 93. Microsoft IIS
- 94. Microsoft SharePoint
- 95. Microsoft SQL Server
- 96. Microsoft System Center Endpoint Protection
- 97. Microsoft System Center Configuration Manager
- 98. Microsoft System Center Operations Manager
- 99. MongoDB
- 100. Nagios Log Server
- 101. Nessus Vulnerability Scanner
- 102. NetApp
- 103. .NET application logs
- 104. Nginx
- 105. Okta
- 106. Oracle Database
- 107. Osquery
- 108. Postfix
- 109. Promise
- 110. Raijin Database Engine
- 111. Rapid7 InsightIDR SIEM
- 112. RSA NetWitness
- 113. SafeNet KeySecure
- 114. Salesforce
- 115. SAP
- 116. Schneider Electric Citect SCADA
- 117. Siemens SICAM SCC
- 118. Siemens SIMATIC PCS 7
- 119. Snare
- 120. Snort
- 121. Solarwinds Loggly
- 122. Splunk
- 123. Sumo Logic
- 124. Symantec Endpoint Protection
- 125. Synology DiskStation
- 126. Syslog
- 127. Sysmon
- 128. Ubiquiti UniFi
- 129. VMware vCenter
- 130. Windows AppLocker
- 131. Windows Command Line Auditing
- 132. Windows Event Log
- 133. Windows Firewall
- 134. Windows Group Policy
- 135. Windows Management Instrumentation (WMI)
- 136. Windows PowerShell
- 137. Windows Time service
- 138. Microsoft Windows Update
- 139. Windows USB auditing
- 140. YOKOGAWA FAST/TOOLS
- 141. Zeek (formerly Bro) Network Security Monitor
- Troubleshooting
- Enterprise Edition Reference Manual
- NXLog Manager
- NXLog Add-Ons
50. Brocade switches
Brocade switches can be configured to send Syslog messages to a remote destination, UDP port 514. NXLog can be configured to collect Brocade logs.
2017/03/22-23:05:12, [SEC-1203], 113962, FID 128, INFO, fcsw1, Login information: Login successful via TELNET/SSH/RSH. IP Addr: admin2The best way to configure a Brocade switch is with the command line interface. In the case of multiple switches running in redundancy mode, each device must be configured separately.
More details on configuring Brocade switches can be found in the Brocade Document Library: search for a particular switch model and select Installation & Configuration Guides from the Filter list.
|
Note
|
The steps below have been tested with Brocade 4100 series switches and OS v6. Newer software versions may have additional capabilities, such as sending logs over TLS. |
-
Configure NXLog for receiving Syslog entries via UDP (see the example below), then restart NXLog.
-
Make sure the NXLog agent is accessible from the switch.
-
Log in to the switch via SSH.
-
Run the following commands. Replace
LEVELwith an integer corresponding to the desired Syslog local facility (see the example). ReplaceIP_ADDRESSwith the address of the NXLog agent.# syslogdfacility -l LEVEL # syslogdIpAdd IP_ADDRESSExample 256. Sending logs with local5 facilityThe following commands query the current Syslog facility and then set up Syslog logging to 192.168.6.143 with Syslog facility
local5.fcsw1:admin> syslogdfacility Syslog facility: LOG_LOCAL7 fcsw1:admin> syslogdfacility -l 5 Syslog facility changed to LOG_LOCAL5 fcsw1:admin> syslogdIpAdd 192.168.6.143 Syslog IP address 192.168.6.143 added
This example shows Brocade switch logs as received and processed by NXLog.
![[Download file]](images/icons/download_icon.png "Download file"){kind=icon}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
<Extension _syslog>
Module xm_syslog
</Extension>
<Extension _json>
Module xm_json
</Extension>
<Input in_syslog_udp>
Module im_udp
Host 0.0.0.0
Port 514
Exec parse_syslog();
</Input>
<Output file>
Module om_file
File "/var/log/brocade.log"
Exec to_json();
</Output>
{
"MessageSourceAddress": "192.168.5.15",
"EventReceivedTime": "2017-03-22 20:23:58",
"SourceModuleName": "in_syslog_udp",
"SourceModuleType": "im_udp",
"SyslogFacilityValue": 21,
"SyslogFacility": "LOCAL5",
"SyslogSeverityValue": 6,
"SyslogSeverity": "INFO",
"SeverityValue": 2,
"Severity": "INFO",
"EventTime": "2017-03-22 20:23:58",
"Hostname": "192.168.5.15",
"SourceName": "raslogd",
"Message": "2017/03/22-23:05:12, [SEC-1203], 113962, WWN 10:00:00:05:1e:02:8e:fc | FID 128, INFO, fcsw1, Login information: Login successful via TELNET/SSH/RSH. IP Addr: admin2"
}