If your Dragon Enterprise Management Server (EMS) is using a version earlier than V7.4.0
on the appliance, you must use syslogd for forwarding events to a Security and Information Manager
such as IBM
QRadar.
Procedure
-
On the Dragon EMS system, open the following file:
-
Add a line to forward the facility and level you
configured in the syslog notification rule to QRadar.
For example, to define the facility local1 and level
notice:
local1.notice @<IP address>
Where:
<IP address> is the IP address of the QRadar system.
-
Save the file and restart syslogd.
cd /etc/rc.d ./rc.syslog stop ./rc.syslog start
The Extreme Dragon EMS configuration is complete.