Configuring your Arbor Networks Pravail system to send events to IBM QRadar

To collect all audit logs and system events from Arbor Networks Pravail, you must add a destination that specifies QRadar as the syslog server.

Procedure

  1. Log in to your Arbor Networks Pravail server.
  2. Click Settings & Reports.
  3. Click Administration > Notifications.
  4. On the Configure Notifications page, click Add Destinations.
  5. Select Syslog.
  6. Configure the following parameters:
    Table 1. Syslog parameters
    Parameter Description
    Host The IP address of the QRadar Console
    Port 514
    Severity Info
    Alert Types The alert types that you want to send to the QRadar Console
  7. Click Save.