Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Configuration of Dell Switches

 

Overview

This article provides the steps to integrate your Dell switch with Seceon SIEM so that you have comprehensive visibility and proactive threat detection in your environment. Logs are transferred from your switch to the APE (Analytics and Policy Engine) via the CCE (Collection and Control Engine). This document guides you through the steps for sFlow forwarding.

Note: Allow port 6343 (the sFlow destination UDP port) before configuration.

Steps of Configuration

console>enable

Enter privileged mode.

console#configure

Enter configuration mode.

console(config)#sflow destination

Configure the address of the sFlow receiver and (optionally) the destination UDP port for sFlow datagrams.

console(config)#sflow destination owner timeout

Specify the identity string of the receiver and set the receiver timeout value.

timeout - The number of seconds the configuration remains valid before it is automatically cleared. A value of 0 essentially means the receiver is not configured.

console(config)#sflow polling

Enable a new sFlow poller instance on an interface range.

console(config)#sflow sampling

Enable a new sFlow sampler instance for the specified interface range.

Sample Configuration

console>enable
console#configure
console(config)#sflow 1 destination 192.168.2.1
console(config)#sflow 1 destination owner SFLOW_EXAMPLE timeout 10000
console(config)#sflow 1 polling gi1/0/1-4 30
console(config)#sflow 1 sampling gi1/0/1-4 1024

 

Verify Configuration

To verify the configuration, use the commands below.

console#show sflow 1 destination

Receiver Index.................... 1
Owner String...................... SFLOW_EXAMPLE
Time out.......................... 10000
IP Address:....................... 192.168.2.1
Address Type...................... 1
Port.............................. 6343
Datagram Version.................. 5
Maximum Datagram Size............. 1400

console#show sflow 1 polling
Poller         Receiver   Poller
Data Source    Index      Interval
-----------    -------    -------
Te1/0/1        1          30
Te1/0/2        1          30
Te1/0/3        1          30
Te1/0/4        1          30
 

console#show sflow 1 sampling
Sampler        Receiver   Packet          Max Header
Data Source    Index      Sampling Rate   Size
-----------    -------    -------------   ----------
Te1/0/1        1          1024            128
Te1/0/2        1          1024            128
Te1/0/3        1          1024            128
Te1/0/4        1          1024            128

VERIFICATION OF CONFIGURATION

Verification can be done either from the CCE server or from the UI.

Using UI

STEP 1: Log in to the UI >> SYSTEM

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS

STEP 3: >> Under SOURCE DEVICE IP, the switch's IP address will be listed.

Using CCE SERVER

Run the command "sudo tcpdump -i any port 6343 and host <IP address>" on the CCE server to check whether or not logs are being received.
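tcpdump confirms only that packets reach port 6343. The Python below is an added example, not Seceon or Dell code: it decodes one captured UDP payload as an sFlow datagram and checks it against the values reported by "show sflow 1 destination" (Datagram Version 5, Maximum Datagram Size 1400). The function names and the agent address 192.168.2.10 are assumptions made for the example, and the sample datagram is constructed.

```python
import ipaddress
import struct

# Standard (enterprise 0) sFlow v5 sample record formats.
SAMPLE_FORMATS = {1: "flow", 2: "counter", 3: "expanded_flow", 4: "expanded_counter"}

def parse_sflow_v5(datagram: bytes) -> dict:
    """Parse an sFlow version 5 datagram header and count its samples by type."""
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError(f"datagram version {version}, expected 5")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4, 2 = IPv6
    if addr_len is None:
        raise ValueError(f"unknown agent address type {addr_type}")
    agent = ipaddress.ip_address(datagram[8:8 + addr_len])
    off = 8 + addr_len
    _sub_agent, seq, uptime_ms, n_samples = struct.unpack_from("!IIII", datagram, off)
    off += 16
    counts = {}
    for _ in range(n_samples):
        tag, length = struct.unpack_from("!II", datagram, off)
        off += 8
        if off + length > len(datagram):
            raise ValueError("sample record runs past the end of the datagram")
        # Upper 20 bits of the tag: enterprise number; lower 12 bits: format.
        name = SAMPLE_FORMATS.get(tag & 0xFFF, "unknown") if tag >> 12 == 0 else "vendor"
        counts[name] = counts.get(name, 0) + 1
        off += length
    return {"agent": str(agent), "sequence": seq, "uptime_ms": uptime_ms, "samples": counts}

def check_datagram(datagram: bytes, expected_agent: str, max_size: int = 1400) -> list:
    """Return a list of problems; an empty list means the datagram looks as configured."""
    problems = []
    if len(datagram) > max_size:
        problems.append(f"{len(datagram)} bytes exceeds maximum datagram size {max_size}")
    try:
        info = parse_sflow_v5(datagram)
    except (ValueError, struct.error) as exc:
        return problems + [f"malformed datagram: {exc}"]
    if info["agent"] != expected_agent:
        problems.append(f"agent {info['agent']} is not the expected {expected_agent}")
    return problems

def build_sample_datagram() -> bytes:
    """Constructed test input: agent 192.168.2.10, one counter and one flow sample."""
    header = struct.pack("!II4sIIII", 5, 1, bytes([192, 168, 2, 10]), 0, 7, 60000, 2)
    counter = struct.pack("!II", 2, 4) + b"\x00" * 4
    flow = struct.pack("!II", 1, 8) + b"\x00" * 8
    return header + counter + flow
```

sFlow datagrams are unauthenticated UDP, so a matching agent address is a configuration sanity check and not proof of origin; restrict port 6343 on the CCE to the switch's address as well.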

Seceon Inc. All rights reserved. https://www.seceon.com