Configuring IBM SAN Volume Controller to communicate with QRadar
To collect events from IBM® SAN Volume Controller, you must configure the IBM SAN Volume Controller (SVC) cluster to send events to QRadar® from a syslog server.
The SVC cluster uses rsyslogd 5.8.10 on a Linux® 6.4 based host.
- Use SSH to log in to the SVC cluster command-line interface (CLI).
- Type the following command to configure a remote syslog server to send CADF events to QRadar:
svctask mksyslogserver -ip <QRadar_Event_Collector_IP_Address> -error <on_or_off> -warning <on_or_off> -info <on_or_off> -cadf on
The following example shows a command that is used to configure a remote syslog server to send CADF events:
svctask mksyslogserver -ip 192.0.2.1 -error on -warning on -info on -cadf on
Note: The error and warning flags are CADF event types that SVC sends to syslog servers.