You can configure your BlueCat Adonis appliance to forward DNS and DHCP events to IBM
QRadar SIEM.
Procedure
-
Using SSH, log in to your BlueCat Adonis appliance.
-
On the command-line interface type the following command to start the syslog configuration
script:
/usr/local/bluecat/QRadar/setup-QRadar.sh
-
Type the IP address of your QRadar
Console or Event Collector.
-
Type yes or no to confirm the IP address.
The configuration is complete when a success message is displayed.
The log source is added to QRadar as BlueCat Networks Adonis
syslog events are automatically discovered. Events that are forwarded to QRadar are displayed on the
Log Activity tab. If the events are not automatically discovered, you can
manually configure a log source.