Configuring syslogd Using Extreme Dragon EMS V7.4.0 and earlier
If your Dragon Enterprise Management Server (EMS) is using a version earlier than V7.4.0 on the appliance, you must use syslogd for forwarding events to a Security and Information Manager such as IBM® QRadar®.
On the Dragon EMS system, open the following file:
Add a line to forward the facility and level you
configured in the syslog notification rule to QRadar.
For example, to define the facility local1 and level notice:
local1.notice @<IP address>
<IP address> is the IP address of the QRadar system.
Save the file and restart syslogd.
cd /etc/rc.d ./rc.syslog stop ./rc.syslog start
The Extreme Dragon EMS configuration is complete.