Extreme NetSight Automatic Security Manager
The Extreme NetSight Automatic Security Manager DSM for IBM® QRadar® accepts events by using syslog.
About this task
QRadar records all relevant events. Before you configure an Extreme NetSight Automatic Security Manager device in QRadar, you must configure your device to forward syslog events.
To configure the device to send syslog events to QRadar:
- Log in to the Automatic Security Manager user interface.
- Click the Automated Security Manager icon
to access the Automated Security Manager Configuration window.
Note: You can also access the Automated Security Manager Configuration window from the Tool menu.
- From the left navigation menu, select Rule Definitions.
- Choose one of the following options:
If a rule is configured, highlight the rule. Click Edit.
- To create a new rule, click Create.
- Select the Notifications check box.
- Click Edit.
The Edit Notifications window is displayed.
- Click Create.
The Create Notification window is displayed.
- Using the Type list, select Syslog.
- In the Syslog Server IP/Name field, type the IP address of the device that receives syslog traffic.
- Click Apply.
- Click Close.
- In the Notification list, select the notification that is configured.
- Click OK.
- You are now ready to configure the log source in QRadar.
To configure QRadar to receive events from an Extreme NetSight Automatic Security Manager device, select Extreme NetsightASM from the Log Source Type list.
For more information about your Extreme NetSight Automatic Security Manager device, see your vendor documentation.