User's Guide
AirTight Management Console Configuration
Configure Integration with Enterprise Security Management Servers
You can configure AirTight Management Console to integrate with various enterprise security
management (ESM) servers using the Configuration->ESM Integration page.
AirTight Management Console integrates with ESM servers that collect, analyze, and display events.
AirTight Management Console sends security event information to these servers.
AirTight Management Console integrates with SNMP, Syslog and Arcsight servers.
To configure the integration settings for SNMP, see SNMP Integration.
To configure the integration settings for Syslog, see Syslog Integration.
To configure the integration settings for Arcsight, see Arcsight Integration.
Syslog Integration
You can configure the Syslog integration settings so that AirTight WIPS can communicate with Syslog
servers and send log messages to them.
If Syslog integration is enabled, the system sends messages to the configured Syslog servers. Otherwise,
Syslog integration services are shut off. Apart from events, you can also send audit logs from AirTight
WIPS to a Syslog server. You must enable integration with Syslog for AirTight WIPS to send messages
and audit logs to Syslog servers. Select the Enable Syslog Integration check box to enable integration
of AirTight Management Console/AirTight WIPS with Syslog server.
Current Status indicates the status of the Syslog server. It could be Running, Stopped or Error,
depending on the state of the Syslog server. Error status is shown if the System server is stopped, if the
hostname of an enabled syslog server cannot be resolved, or if an internal error occurs. If an internal
error occurs, contact AirTight Technical Support.
Adding a Syslog Server
To add a syslog server, do the following.
1. Go to Configuration>ESM Integration>Syslog Integration.
2. Under Manage Syslog Servers, click Add Syslog Server to add Syslog server details.
3. Specify the Syslog Server IP Address or Hostname to which the events should be sent.
4. Specify the port number of the Syslog server to which the system sends events. The default port
number is 514.
5. Specify the format in which the event is sent: Intrusion Detection Message Exchange Format
(IDMEF) or plain text. The default format is plain text.
6. Select the Enabled check box if you want the events and/or audit logs to be sent to this Syslog
server. It is enabled by default.
7. Select the Append BOM header check box if you want to append the byte order mark to the syslog
server entry. This is relevant in case of plain text files.
8. Select the Forward Events check box to send events to the Syslog server.
9. Select the Forward Audit Logs check box to send audit logs to the Syslog server. You can forward
audit logs in plain text format only.
10. Click OK to add the details for a new Syslog server.
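
To confirm on the receiving side that the format and BOM settings chosen above arrive as expected, a collector-side check can classify each datagram. This is an added example, not part of the AirTight documentation or product code. It assumes UDP transport, a standard syslog `<PRI>` prefix and a UTF-8 byte order mark; the sample messages, the host name `wips-host` and test port 5514 are constructed for illustration.

```python
import re
import socket
import xml.etree.ElementTree as ET

UTF8_BOM = b"\xef\xbb\xbf"
PRI = re.compile(rb"^<(\d{1,3})>")
IDMEF_ROOT = re.compile(r"<(?:[\w.-]+:)?IDMEF-Message[\s>]")

# Constructed sample datagrams; the product's real message layout may differ.
SAMPLE_PLAIN = b"<134>Jan  1 00:00:00 wips-host " + UTF8_BOM + b"Rogue AP detected"
SAMPLE_IDMEF = (b'<134>Jan  1 00:00:00 wips-host <IDMEF-Message version="1.0">'
                b'<Alert messageid="c1"><Classification text="Rogue AP detected"/>'
                b"</Alert></IDMEF-Message>")


def classify(datagram: bytes) -> dict:
    """Split one syslog datagram into PRI fields, BOM flag and payload."""
    m = PRI.match(datagram)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("no valid syslog PRI")
    pri = int(m.group(1))
    body = datagram[m.end():]
    # "Append BOM header" on the server entry; assumed here to be a UTF-8 BOM.
    has_bom = UTF8_BOM in body
    text = body.replace(UTF8_BOM, b"", 1).decode("utf-8", errors="replace")
    out = {"facility": pri >> 3, "severity": pri & 7, "bom": has_bom,
           "format": "plain", "payload": text}
    root_at = IDMEF_ROOT.search(text)
    if root_at:
        # Parse from the root element only, so a DTD or entity declaration
        # placed ahead of it is never handed to the XML parser.
        out["format"] = "idmef"
        out["payload"] = ET.fromstring(text[root_at.start():])
    return out


if __name__ == "__main__":
    # Assumption: UDP transport; 5514 avoids needing root to bind port 514.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 5514))
    while True:
        data, peer = sock.recvfrom(65535)
        try:
            print(peer[0], classify(data))
        except (ValueError, ET.ParseError) as exc:
            print(peer[0], "rejected:", exc)
```

Point a test Syslog server entry at the listener's port and compare the reported `format` and `bom` values with what was selected in steps 5 and 7.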