To configure agileSI, you must create a logical file name for your events and configure
the connector settings with the path to your agileSI event log.
About this task
The LEEF formatted event file must be stored in a location that is viewable by Samba and
accessible with the credentials that you configure for the log source in IBM QRadar.
Procedure
- In the agileSI core system installation, define a logical file name for the output
  file that contains your SAP security events.
  SAP provides a concept that gives you the option to use platform-independent logical file names
  in your application programs. Create a logical file name and path by using transaction "FILE"
  (Logical File Path Definition) according to your organization's requirements.
- Log in to agileSI.
  For example, http://<sap-system-url:port>/sap/bc/webdynpro/itcube/ccf?sap-client=<client>&sap-language=EN
  Where:
  - <sap-system-url> is the IP address and port number of your SAP system,
    such as <IP_address>:50041.
  - <client> is the agent in your agileSI deployment.
- From the menu, click Display/Change to enable change mode for agileSI.
- From the toolbar, select .
  The Core Consumer Connector Settings are displayed.
- Configure the following values:
  - From the Consumer Connector list, select Q1 Labs.
  - Select the Active check box.
  - From the Connector Type list, select File.
  - In the Logical File Name field, type the path to the logical file name that you
    configured in Configuring agileSI to forward events.
    For example, /ITCUBE/LOG_FILES.
    The file that is created for the agileSI events is labeled LEEFYYYYDDMM.TXT
    where YYYYDDMM is the year, day, and month. The event file for the current day
    is appended with new events every time the extractor runs. iT-CUBE agileSI creates a
    new LEEF file for SAP events daily.
- Click Save.
  The configuration for your connector is saved. Before you can complete the agileSI configuration,
  you must deploy the changes for agileSI by using extractors.
- From the toolbar, select .
  The Extractor Management settings are displayed.
- Click Deploy all.
  The configuration for agileSI events is complete. You are now ready to configure a log source in
  QRadar.
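
A check to run before you create the QRadar log source, given here as an added example that is not part of the original procedure or of agileSI or QRadar: it derives the day's file name from the LEEFYYYYDDMM.TXT pattern described in the procedure and reports lines that lack a LEEF header. The function names, the temporary directory, and the sample event line are assumptions constructed for illustration.

```python
import re
import tempfile
from datetime import date
from pathlib import Path

# LEEF header: LEEF:<version>|<vendor>|<product>|<product version>|<event ID>|
LEEF_HEADER = re.compile(r"^LEEF:(1\.0|2\.0)\|[^|]+\|[^|]+\|[^|]*\|[^|]+\|")


def expected_name(day: date) -> str:
    """File name as described on this page: LEEF + year, day, month + .TXT."""
    return f"LEEF{day:%Y%d%m}.TXT"


def check_event_file(directory, day):
    """Return (path, valid_count, bad_line_numbers) for that day's event file.

    Raises FileNotFoundError when the file for that day has not been written,
    for example because the extractors were not deployed or have not run yet.
    """
    path = Path(directory) / expected_name(day)
    if not path.is_file():
        raise FileNotFoundError(f"{path} not found")
    valid, bad = 0, []
    with path.open(encoding="utf-8", errors="replace") as handle:
        for number, line in enumerate(handle, start=1):
            if not line.strip():
                continue  # ignore blank lines between appended extractor runs
            if LEEF_HEADER.match(line):
                valid += 1
            else:
                bad.append(number)
    return path, valid, bad


def demo():
    """Write a constructed sample file (not real agileSI output) and check it."""
    day = date(2024, 3, 7)
    sample = (
        "LEEF:1.0|ExampleVendor|ExampleProduct|1.0|EXAMPLE_EVENT|"
        "usrName=DEMO\tsrc=192.0.2.10\n"
        "this line is not LEEF\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / expected_name(day)).write_text(sample, encoding="utf-8")
        path, valid, bad = check_event_file(tmp, day)
        return path.name, valid, bad


if __name__ == "__main__":
    print(demo())
```

Point `check_event_file` at the Samba-mounted directory behind your logical file path; a missing file or a non-empty list of bad line numbers is worth resolving before QRadar starts reading the share.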