To forward syslog events from an F5 Networks BIG-IP FirePass SSL VPN appliance to IBM
QRadar, you must enable and
configure a remote log server.
About this task
The remote log server can forward events directly to your QRadar
Console or any Event Collector in your
deployment.
Procedure
-
Log in to the F5 Networks FirePass Admin Console.
-
On the navigation pane, select .
-
From the System Logs menu, select the Enable Remote Log
Server check box.
-
From the System Logs menu, clear the Enable Extended System
Logs check box.
-
In the Remote host parameter, type the IP address or host name of your
QRadar.
-
From the Log Level list, select
Information.
The Log Level parameter monitors application level system messages.
-
From the Kernel Log Level list, select
Information.
The Kernel Log Level parameter monitors Linux® kernel system messages.
-
Click Apply System Log Changes.
The changes are applied and the configuration is complete. The log source is added to QRadar as F5 Networks FirePass
events are automatically discovered. Events that are forwarded to QRadar by F5 Networks BIG-IP ASM
are displayed on the Log Activity tab in QRadar.