To integrate IBM
QRadar with a Foundry FastIron RX device, you must configure the appliance to forward syslog events.
Procedure
-
Log in to the Foundry FastIron device command-line interface (CLI).
-
Type the following command to enable logging:
logging on
Local syslog is now enabled with the following defaults:
- Messages of all syslog levels (Emergencies - Debugging) are logged.
- Up to 50 messages are retained in the local syslog buffer.
- No syslog server is specified.
-
Type the following command to define an IP address for the syslog server:
logging host <IP Address>
Where <IP Address> is the IP address of your QRadar.
You are now ready to configure the log source in QRadar.