Configuring Cisco FWSM to forward syslog events

To integrate Cisco FWSM with IBM QRadar, you must configure your Cisco FWSM appliances to forward syslog events to QRadar.

Procedure

  1. Use a console connection, telnet, or SSH, to log in to the Cisco FWSM.
  2. Enable logging:

    logging on

  3. Change the logging level:

    logging trap <level>

    Where <level> is set from levels 1-7. By default, the logging trap level is set to 3 (error).

  4. Designate QRadar as a host to receive the messages:

    logging host [interface] ip_address [tcp[/port] | udp[/port]] [format emblem]

    For example:

    logging host dmz1 192.0.2.1

    Where 192.0.2.1 is the IP address of your QRadar system.

    You are now ready to configure the log source in QRadar.