To collect IBM® DataPower® events, configure your third-party system to send events to IBM
QRadar.
Before you begin
Review the DataPower logging documents to
determine which logging configuration changes are appropriate for your deployment. See IBM Knowledge Center
(https://www.ibm.com/docs/en/SS9H2Y_10cd/com.ibm.dp.doc/logtarget_logs.html).
Procedure
-
Log in to your IBM DataPower system.
-
In the search box on the left navigation menu, type Log Target.
-
Select the matching result.
-
Click Add.
-
In the Main tab, type a name for the log target.
-
From the Target Type list, select syslog.
-
In the Local Identifier field, type an identifier to be displayed in
the Syslog event payloads parameter on the QRadar user interface.
-
In the Remote Host field, type the IP address or host name of your QRadar Console or Event
Collector.
-
In the Remote Port field, type 514.
-
Under Event Subscriptions, add a base logging configuration with the
following parameters:
Parameter |
Value |
Event Category |
all |
Minimum Event Priority |
warning Important: To prevent a decrease in system
performance, do not use more than one word for the Minimum Event Priority
parameter.
|
-
Apply the changes to the log target.
-
Review and save the configuration changes.