Configuring Cisco Aironet to forward events

The IBM® QRadar® DSM for Cisco Aironet accepts Cisco EMBLEM Format events by using Syslog.

Procedure

  1. Establish a connection to the Cisco Aironet device by using one of the following methods:
    • Telnet to the wireless access point
    • Access the console
  2. Type the following command to access privileged EXEC mode:

    enable

  3. Type the following command to access global configuration mode:

    config terminal

  4. Type the following command to enable message logging:

    logging on

  5. Configure the syslog facility. The default is local7.

    logging facility <facility>

    where <facility> is, for example, local7.

  6. Type the following command to log messages to your QRadar:

    logging <IP address>

    where <IP address> is the IP address of your QRadar.

  7. Enable timestamps on log messages:

    service timestamps log datetime

  8. Return to privileged EXEC mode:

    end

  9. View your entries:

    show running-config

  10. Save your entries in the configuration file:

    copy running-config startup-config

    The configuration is complete.

Results

QRadar automatically discovers Cisco Aironet events and adds the log source. Events that Cisco Aironet appliances forward to QRadar are displayed on the Log Activity tab of QRadar.
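
To confirm on the receiving side that steps 5 through 7 took effect, the Python below checks each received syslog line for the expected facility and a datetime timestamp. It is an added example, not part of the IBM or Cisco documentation. The assumed message layout (`<PRI>seq: timestamp: %FACILITY-SEVERITY-MNEMONIC: text`), the helper name `check_line`, and the sample lines are constructed for illustration.

```python
import re

# Syslog PRI = facility * 8 + severity; local0..local7 are facility codes 16..23.
LOCAL_FACILITIES = {f"local{i}": 16 + i for i in range(8)}

# Assumed layout: <PRI>[seq: ][timestamp: ]%FACILITY-SEVERITY-MNEMONIC: text
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<seq>\d+): )?"
    r"(?:(?P<ts>.+?): )?"
    r"%(?P<tag>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)
# Shape expected once datetime timestamps are enabled, e.g. "*Mar  1 00:10:12"
DATETIME_RE = re.compile(r"^[*.]?[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}(\.\d{3})?( \w+)?$")

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    "<190>45: *Mar  1 00:10:12: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 0000.5e00.5301 Associated KEY_MGMT[NONE]",
    "<189>46: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.10)",
    "<187>47: 00:00:46: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up",
    "<134>48: *Mar  1 00:11:02: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0000.5e00.5301",
]

def check_line(line, expected_facility="local7"):
    """Return a list of problems found in one received line (empty list means OK)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["not a Cisco IOS-style syslog message"]
    problems = []
    facility, _severity = divmod(int(m["pri"]), 8)
    if facility != LOCAL_FACILITIES[expected_facility]:
        problems.append(f"facility code {facility}, expected {expected_facility}")
    if m["ts"] is None:
        problems.append("no timestamp on message")
    elif not DATETIME_RE.match(m["ts"]):
        problems.append("timestamp is not in datetime form")
    return problems

if __name__ == "__main__":
    for line in SAMPLE:
        print(check_line(line) or "OK", "|", line[:60])
```

Lines flagged for a missing or non-datetime timestamp point back to step 7; a facility mismatch points back to step 5.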