Configuring Redback ASE

You can configure the device to send syslog events to IBM QRadar.

Procedure

  1. Log in to your Redback ASE device user interface.
  2. Start the CLI configuration mode.
  3. In global configuration mode, configure the default settings for the security service:

    asp security default

  4. In ASP security default configuration mode, configure the IP address of the log server and the optional transport protocol:

    log server <IP address> transport udp port 9345

    Where <IP address> is the IP address of the QRadar.

  5. Configure the IP address that you want to use as the source IP address in the log messages:

    log source <source IP address>

    Where <source IP address> is the IP address of the loopback interface in context local.

  6. Commit the transaction.

    For more information about Redback ASE device configuration, see your vendor documentation.

    For example, if you want to configure:

    • Log source server IP address <IP_address>
    • Default transport protocol: UDP
    • Default server port: 514

    The source IP address that is used for log messages is <IP_address>. This address must be an IP address of a loopback interface in context local.

    asp security default log server <IP_address1> log source <IP_address2>

What to do next

You can now configure the log sources in QRadar.