Configuring syslogd Using Extreme Dragon EMS V7.4.0 and earlier

If your Dragon Enterprise Management Server (EMS) is using a version earlier than V7.4.0 on the appliance, you must use syslogd for forwarding events to a Security and Information Manager such as IBM QRadar.

Procedure

  1. On the Dragon EMS system, open the following file:

    /etc/syslog.conf

  2. Add a line to forward the facility and level you configured in the syslog notification rule to QRadar.

    For example, to define the facility local1 and level notice:

    local1.notice @<IP address>

    Where:

    <IP address> is the IP address of the QRadar system.

  3. Save the file and restart syslogd.

    cd /etc/rc.d ./rc.syslog stop ./rc.syslog start

    The Extreme Dragon EMS configuration is complete.