Collect Firewall Metadata with Lumu VA and Huawei USG Firewall

Requirements

  • A Huawei USG Firewall device.
  • Have admin access to create a new Forwarding configuration.
  • Have the most recent version of the Lumu Virtual Appliance installed.

These are the general steps you should follow to configure a syslog server on Huawei USG Firewall to send all metadata to Lumu:

Deploy and Set Up Lumu VA

All the detailed steps and guidance to create, download and install a virtual appliance on your preferred hypervisor or Cloud solution are available in our documentation:
  1. Deploy Virtual Appliances
  2. Configure Virtual Appliances and setup collectors

Set up a Lumu VA Firewall Log Collector

Go to the Lumu Virtual Appliance and refresh the VA Collectors settings by running the command lumu-appliance collectors refresh. If the appliance is running, it must be stopped in order to continue the setup process.


Select the option that refers to Huawei Firewall, then input the following data:
  • Protocol type: Select the UDP option. Huawei Firewall uses the UDP protocol to send Syslog data.
  • Port number: Provide a number between 1024 and 65535, inclusive.
  • Timezone: The timezone for VA setup. Use the canonical ID (e.g. America/Chicago). You can use this external article for reference.

Configure Huawei Firewall to Send Metadata to Lumu VA

To add a new configuration, follow the steps in the Web: Example for Outputting Customized Syslogs to a Log Host document from Huawei’s Product documentation site. Make sure you follow these guidelines:
  • Create and customize a Syslog template by selecting and renaming each field prefix according to the following table:

    Field               New prefix
    ------------------  ------------------
    vsys                vsys
    Protocol            protocol
    source-ip           source-ip
    source-port         source-port
    destination-ip      destination-ip
    destination-port    destination-port
    time                time
    source-zone         source-zone
    destination-zone    destination-zone
    application-name    application-name
    rule-name           rule-name

  • The Log format under the Configure Session Logs section must be set to Syslog.
  • Select the created template in the Session Log Content Format section.
  • The Log Format under the Configure Service Logs section must be set to Syslog.
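
A pre-flight check for the values above, as an added example that is not part of Lumu's or Huawei's documentation: it validates the collector settings and reports which template prefixes are missing from a captured syslog payload. The function names, the sample payload and its "=" separator are assumptions made for illustration.

```python
import re
from zoneinfo import available_timezones

# Prefixes from the template table on this page (only Protocol is renamed).
EXPECTED_PREFIXES = (
    "vsys", "protocol", "source-ip", "source-port", "destination-ip",
    "destination-port", "time", "source-zone", "destination-zone",
    "application-name", "rule-name",
)

def settings_errors(protocol, port, timezone):
    """Return a list of problems with the collector values; empty means OK."""
    errors = []
    if protocol.upper() != "UDP":
        errors.append("protocol must be UDP")
    if not 1024 <= port <= 65535:
        errors.append("port must be between 1024 and 65535, inclusive")
    if timezone not in available_timezones():
        errors.append("timezone must be a canonical ID such as America/Chicago")
    return errors

def missing_prefixes(payload):
    """Return template prefixes absent from one syslog payload.

    Assumption: each prefix appears literally as its own token. Matching is
    case-sensitive, so an unrenamed 'Protocol' counts as missing 'protocol'.
    """
    missing = []
    for prefix in EXPECTED_PREFIXES:
        # Reject matches embedded in longer names (e.g. 'time' in 'uptime').
        if not re.search(r"(?<![\w-])" + re.escape(prefix) + r"(?![\w-])", payload):
            missing.append(prefix)
    return missing

# Constructed sample payload; the '=' separator and all values are assumptions.
SAMPLE = ("vsys=public Protocol=udp source-ip=10.0.0.5 source-port=53211 "
          "destination-ip=192.0.2.10 destination-port=53 time=2024/01/01 10:00:00 "
          "source-zone=trust destination-zone=untrust application-name=DNS "
          "rule-name=allow-dns")

if __name__ == "__main__":
    print(settings_errors("UDP", 5514, "America/Chicago"))
    print(missing_prefixes(SAMPLE))  # the unrenamed 'Protocol' is reported
```

Feed `missing_prefixes` a payload captured on the collector port (for example from a packet capture) to confirm the template was applied before relying on the data in Lumu.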
