Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Device Integration: AVAYA Switch Configuration

            Modified on Thu, 7 May at 5:48 PM

            TABLE OF CONTENTS


            Overview

            This document details the steps to configure AVAYA network switches for integrating with centralized support, monitoring, and log collection platforms. Proper configuration ensures the seamless forwarding of logs and alerts to support teams or SIEM solutions, enhancing troubleshooting, security analysis, and operational visibility. 


            Prerequisites

            • Administrative SSH or console access to the Avaya switch.
            • Correct system date/time and timezone on the switch.
            • IP address of the ADR CCE server.
            • Firewall rules allowing outbound:
              • UDP 514 for Syslog
              • UDP 6343 for sFlow.


            Syslog Configuration (Avaya CLI)

            1. SSH to the switch:
              ssh admin@<SwitchIP>
enable
configure terminal
            2. Add Syslog server:
              logging host <CCE_IP> vrf default
logging facility local7
logging severity informational
            3. Save configuration:
              write memory


            NetFlow (sFlow) Configuration

            1. Enter configuration mode:
              configure terminal
            2. Set sFlow agent to switch management IP: 
              sflow agent-ip SwitchManagementIP
            3. Define sFlow collector (CCE):
              sflow collector <CCE_IP> udp-port 6343
            4. Enable sFlow globally:
              sflow enable
            5. Enable sFlow on interfaces (e.g., gigabitEthernet 1/0/1):
              interface gigabitEthernet 1/0/1
  sflow enable
exit
            6. Configure sampling and polling:
              sflow sample-rate 1024
sflow polling-interval 60
            7. Save configuration:
              write memory



            Verification (MSSP Only)

            On Switch (CLI)

            Check configuration:

            show logging
show sflow

            On ADR CCE CLI

            Capture incoming Syslog and sFlow traffic:

            sudo tcpdump -i any port 514 and host <SwitchIP> -AAA
sudo tcpdump -i any port 6343 and host <SwitchIP> -AAA

            Replace SwitchIPwith the Avaya switch IP 


            On ADR SIEM UI

            1. Log in to ADR SIEM UI.

            2. Navigate to System Logs and Flows > Collection Status.

            3. Confirm the Avaya switch IP appears under Source Device IP for both logs and flows.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0