You can integrate a Sybase Adaptive Server Enterprise (ASE) device with IBM
QRadar SIEM to record all
relevant events by using JDBC.
About this task
To configure a Sybase ASE device:
Procedure
-
Configure Sybase auditing.
For information about configuring Sybase auditing, see your Sybase documentation.
-
Log in to the Sybase database as a
sa
user:
isql -Usa -P<password>
Where <password> is the password necessary to access the database.
-
Switch to the security database:
-
Create a view for IBM
QRadar SIEM.
- create view audit_view
- as
- select audit_event_name(event) as event_name, * from
<audit_table_1>
- union
- select audit_event_name(event) as event_name, * from
<audit_table_2>
- go
-
For each additional audit table in the audit configuration, make sure that the union
select parameter is repeated for each additional audit table.
For example, if you want to configure auditing with four audit tables
(sysaudits_01, sysaudits_02,
sysaudits_03, sysaudits_04), type the following
commands:
- create view audit_view as select audit_event_name(event) as event_name, * from
sysaudits_01
- union select audit_event_name(event) as event_name, * from sysaudits_02,
- union select audit_event_name(event) as event_name, * from
sysaudits_03,
- union select audit_event_name(event) as event_name, * from
sysaudits_04
What to do next
You can now configure the log source IBM
QRadar SIEM.