The IBM® QRadar® DSM for Cisco Aironet accepts Cisco EMBLEM Format events by using Syslog.
Procedure
- Establish a connection to the Cisco Aironet device by using one of the following methods:
  - Telnet to the wireless access point
  - Access the console
- Type the following command to access privileged EXEC mode:
- Type the following command to access global configuration mode:
- Type the following command to enable message logging:
- Configure the syslog facility. The default is local7.
logging facility <facility>
where <facility> is, for example, local7.
- Type the following command to log messages to your QRadar:
logging <IP address>
where <IP address> is the IP address of your QRadar.
- Enable timestamps on log messages:
service timestamps log datetime
- Return to privileged EXEC mode:
- View your entries:
- Save your entries in the configuration file:
copy running-config startup-config
The configuration is complete.
Results
The log source is added to QRadar as Cisco Aironet events are
automatically discovered. Events that are forwarded to QRadar by Cisco Aironet appliances
are displayed on the Log Activity tab of QRadar.
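
To confirm that the facility and timestamp steps of the procedure took effect, lines captured on a test syslog receiver can be checked before relying on auto-discovery. The following is an added example, not IBM or Cisco code: it assumes the usual `<PRI>seq: timestamp: %FACILITY-SEVERITY-MNEMONIC: text` layout of Cisco syslog messages, and the sample lines are constructed for illustration.

```python
import re

# Syslog facility names indexed by facility code (RFC 3164 numbering).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]

# Assumed layout: <PRI>[seq: ][timestamp: ]%FACILITY-SEVERITY-MNEMONIC: text
LINE = re.compile(r"^<(\d{1,3})>(?:\d+: )?(.*?)%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)$")
# Prefix written when datetime timestamps are enabled, e.g. "*Mar  1 00:01:23.456: "
DATETIME = re.compile(r"[*.]?[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}"
                      r"(?:\.\d{3})?(?: [A-Z]{2,5})?: ")

def check_line(line, expected_facility="local7"):
    """Parse one received line and list deviations from the intended config."""
    m = LINE.match(line.strip())
    if not m:
        return {"issues": ["not a Cisco %FACILITY-SEVERITY-MNEMONIC message"]}
    pri, prefix, tag, sev, mnemonic, text = m.groups()
    pri = int(pri)
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return {"issues": ["PRI value out of range"]}
    facility = FACILITIES[pri >> 3]  # upper bits of PRI carry the facility
    issues = []
    if facility != expected_facility:
        issues.append(f"facility is {facility}, expected {expected_facility}")
    if (pri & 7) != int(sev):  # lower three bits carry the severity
        issues.append("severity in PRI does not match message tag")
    if not DATETIME.fullmatch(prefix):
        issues.append("no datetime timestamp")
    return {"facility": facility, "severity": int(sev), "tag": tag,
            "mnemonic": mnemonic, "text": text, "issues": issues}

# Constructed sample lines (not captured from a real device).
SAMPLES = [
    "<190>41: *Mar  1 00:01:23.456: %DOT11-6-ASSOC: Interface Dot11Radio0, "
    "Station 0011.2233.4455 Associated KEY_MGMT[NONE]",
    "<190>42: 00:01:25: %DOT11-6-DISASSOC: Interface Dot11Radio0, "
    "Deauthenticating Station 0011.2233.4455",
    "<133>43: *Mar  1 00:02:10.000: %SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = check_line(sample)
        print(result.get("mnemonic"), result["issues"] or "ok")
```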