Integrating Nortel Switched Firewall by using syslog

This method ensures the IBM QRadar Nortel Switched Firewall 5100 DSM accepts events by using syslog.

About this task

To configure your Nortel Switched Firewall 5100:

Procedure

  1. Log in to your Nortel Switched Firewall device command-line interface (CLI).
  2. Type the following command:

    /cfg/sys/log/syslog/add

  3. Type the IP address of your QRadar system at the following prompt:

    Enter IP address of syslog server:

    A prompt is displayed to configure the severity level.

  4. Configure info as the severity level.

    For example, Enter minimum logging severity (emerg | alert | crit | err | warning | notice | info | debug): info

    A prompt is displayed to configure the facility.

  5. Configure auto as the local facility.

    For example, Enter the local facility (auto | local0-local7): auto

  6. Apply the configuration:

    apply

  7. Repeat for each firewall in your cluster.

    You are now ready to configure the log source in QRadar.

  8. To configure QRadar to receive events from a Nortel Switched Firewall 5100 device by using syslog, select the Nortel Switched Firewall 5100 option from the Log Source Type list.
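
To confirm the result of the procedure above, the following added example (not part of the IBM documentation) audits a capture of received syslog datagrams: it reports cluster members that have sent nothing, unexpected senders, and messages more verbose than the configured info level. The cluster addresses and sample messages are constructed placeholders in generic RFC 3164 style, not actual Nortel output.

```python
import re
from collections import defaultdict

# Severity keywords in the order shown at the firewall prompt (syslog codes 0-7).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(message):
    """Return (facility, severity_name) from the <PRI> header, or None if invalid."""
    m = PRI_RE.match(message)
    if not m or int(m.group(1)) > 191:   # highest valid PRI is 23*8 + 7
        return None
    pri = int(m.group(1))
    return pri >> 3, SEVERITIES[pri & 7]

def audit(datagrams, expected_sources, minimum="info"):
    """Compare captured (source_ip, message) pairs with the intended configuration."""
    limit = SEVERITIES.index(minimum)
    seen = defaultdict(int)
    too_verbose, malformed = [], []
    for src, msg in datagrams:
        decoded = decode_pri(msg)
        if decoded is None:
            malformed.append((src, msg))
            continue
        seen[src] += 1
        if SEVERITIES.index(decoded[1]) > limit:   # e.g. debug when info was set
            too_verbose.append((src, decoded[1]))
    return {
        "silent": sorted(set(expected_sources) - set(seen)),      # step 7 missed?
        "unexpected": sorted(set(seen) - set(expected_sources)),  # not in cluster
        "too_verbose": too_verbose,
        "malformed": malformed,
    }

# Constructed placeholders: cluster member addresses and sample datagrams.
CLUSTER = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]
SAMPLE = [
    ("192.0.2.11", "<134>Jan 10 12:00:01 fw1 example: constructed info event"),
    ("192.0.2.11", "<132>Jan 10 12:00:02 fw1 example: constructed warning event"),
    ("192.0.2.12", "<135>Jan 10 12:00:03 fw2 example: constructed debug event"),
    ("192.0.2.99", "<134>Jan 10 12:00:04 other example: constructed info event"),
    ("192.0.2.12", "no PRI header here"),
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE, CLUSTER).items():
        print(key, value)
```

A non-empty `silent` list points to a firewall where the syslog target was not added or applied; entries in `too_verbose` suggest the severity was set to debug instead of info.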