Configuring syslog for Nortel Switched Firewalls

This method ensures the IBM QRadar Nortel Switched Firewall 6000 DSM accepts events by using syslog.

About this task

To configure your Nortel Switched Firewall 6000:

Procedure

  1. Log into your Nortel Switched Firewall device command-line interface (CLI).
  2. Type the following command:

    /cfg/sys/log/syslog/add

  3. Type the IP address of your QRadar system at the following prompt:

    Enter IP address of syslog server:

    A prompt is displayed to configure the severity level.

  4. Configure info as the severity level.

    For example, Enter minimum logging severity

    (emerg | alert | crit | err | warning | notice | info | debug): info

    A prompt is displayed to configure the facility.

  5. Configure auto as the local facility.

    For example, Enter the local facility (auto | local0-local7): auto

  6. Apply the configuration:

    apply

    You can now configure the log source in QRadar.

  7. To configure QRadar to receive events from a Nortel Switched Firewall 6000 using syslog: From the Log Source Type list, select the Nortel Switched Firewall 6000 option.