Sybase ASE

You can integrate a Sybase Adaptive Server Enterprise (ASE) device with IBM QRadar SIEM to record all relevant events by using JDBC.

About this task

To configure a Sybase ASE device:

Procedure

  1. Configure Sybase auditing.

    For information about configuring Sybase auditing, see your Sybase documentation.

  2. Log in to the Sybase database as a sa user:

    isql -Usa -P<password>

    Where <password> is the password necessary to access the database.

  3. Switch to the security database:
    • use sybsecurity
    • go
  4. Create a view for IBM QRadar SIEM.
    • create view audit_view
    • as
    • select audit_event_name(event) as event_name, * from <audit_table_1>
    • union
    • select audit_event_name(event) as event_name, * from <audit_table_2>
    • go
  5. For each additional audit table in the audit configuration, make sure that the union select parameter is repeated for each additional audit table.

    For example, if you want to configure auditing with four audit tables (sysaudits_01, sysaudits_02, sysaudits_03, sysaudits_04), type the following commands:

    • create view audit_view as select audit_event_name(event) as event_name, * from sysaudits_01
    • union select audit_event_name(event) as event_name, * from sysaudits_02,
    • union select audit_event_name(event) as event_name, * from sysaudits_03,
    • union select audit_event_name(event) as event_name, * from sysaudits_04

What to do next

You can now configure the log source IBM QRadar SIEM.