This method ensures the IBM
QRadar Nortel Switched Firewall
5100 DSM accepts events by using syslog.
About this task
To configure your Nortel Switched Firewall 5100:
Procedure
-
Log into your Nortel Switched Firewall device command-line interface
(CLI).
-
Type the following command:
-
Type the IP address of your QRadar system at the following
prompt:
Enter IP address of syslog server:
A prompt is displayed to configure the severity level.
-
Configure info as the severity level.
For example, Enter minimum logging severity
(emerg | alert | crit | err | warning | notice | info | debug): info
A prompt is displayed to configure the facility.
-
Configure auto as the local facility.
For example, Enter the local facility (auto | local0-local7): auto
-
Apply the configuration:
-
Repeat for each firewall in your cluster.
You are now ready to configure the log source in QRadar.
-
To configure QRadar to
receive events from a Nortel Switched Firewall 5100 device by using syslog: From the Log
Source Type list, select the Nortel Switched Firewall 5100
option.