Open LDAP
The Open LDAP DSM for IBM QRadar accepts UDP Multiline syslog events from Open LDAP installations that are configured to log stats events by using logging level 256.
Open LDAP events are forwarded to QRadar by using port 514. The events must be redirected to the port that is configured for the UDP Multiline syslog protocol. QRadar does not support UDP Multiline syslog on the standard listen port 514.
Note: UDP Multiline Syslog events can be assigned to any available port that is not in use, other
than port 514. The default port that is assigned to the UDP Multiline Syslog protocol is port 517.
If port 517 is already being used in your network, see the QRadar port usage topic in
the IBM
QRadar Administration Guide or the IBM Knowledge Center (
https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.0/com.ibm.qradar.doc/c_qradar_adm_common_ports.html?pos=2
) for a list of ports that are used by QRadar.
Important: Forward the UDP Multiline syslog events directly to the chosen port (default
517) from your Open LDAP device. If you can't send events to this port directly, you can use the
backup method of configuring IPtables for UDP Multiline Syslog events.