Configuring Cisco ACE Firewall

Before you can collect Cisco ACE Firewall logs in IBM QRadar, you must forward Cisco ACE device logs to QRadar.

Procedure

  1. Log in to your Cisco ACE device.
  2. From the Shell Interface, select Main Menu > Advanced Options > Syslog Configuration.
  3. The Syslog Configuration menu varies depending on whether there are any syslog destination hosts configured yet. If no syslog destinations are configured, create one by selecting the Add First Server option. Click OK.
  4. Type the host name or IP address of the destination host and port in the First Syslog Server field. Click OK.

    The system restarts with the new settings. When the restart is finished, the Syslog server window displays the host that is configured.

  5. Click OK.

    The Syslog Configuration menu is displayed. Notice that options for editing the server configuration, removing the server, or adding a second server are now available.

  6. If you want to add another server, click Add Second Server.

    At any time, click the View Syslog options to view existing server configurations.

  7. To return to the Advanced menu, click Return.

    The configuration is complete. QRadar automatically discovers Cisco ACE Firewall events and adds the log source. Events that are forwarded to QRadar by Cisco ACE Firewall appliances are displayed on the Log Activity tab of QRadar.