To integrate Cisco FWSM with IBM QRadar, you must configure your Cisco FWSM appliances to forward syslog events to QRadar.
Procedure
- Use a console connection, telnet, or SSH, to log in to the Cisco FWSM.
- Enable logging:
- Change the logging level:
    logging trap <level>
  Where <level> is set from levels 1-7. By default, the logging trap level is set to 3 (error).
- Designate QRadar as a host to receive the messages:
    logging host [interface] ip_address [tcp[/port] | udp[/port]] [format emblem]
  For example:
    logging host dmz1 192.0.2.1
  Where 192.0.2.1 is the IP address of your QRadar system.
You are now ready to configure the log source in QRadar.
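Once events are arriving, the effect of the `logging trap <level>` setting can be checked against what the collector actually receives. The following is an added example, not part of the original procedure or of any IBM or Cisco tooling: it assumes each FWSM event carries a `%FWSM-<severity>-<message_id>` tag, and the sample lines, message IDs and function name are constructed for illustration.

```python
import re
from collections import Counter

# Assumption (not from the page): each FWSM event carries a tag of the form
# %FWSM-<severity>-<message_id>, where severity is 0 (most severe) to 7.
FWSM_TAG = re.compile(r"%FWSM-([0-7])-(\d+)")

def check_trap_level(lines, trap_level):
    """Compare received events with the configured `logging trap <level>`.

    Returns (counts, unexpected, untagged):
      counts     - Counter of events per severity
      unexpected - lines less severe than trap_level (numerically higher),
                   which the device should not have forwarded
      untagged   - lines with no FWSM tag (another sender or a parsing issue)
    """
    counts, unexpected, untagged = Counter(), [], []
    for line in lines:
        match = FWSM_TAG.search(line)
        if match is None:
            untagged.append(line)
            continue
        severity = int(match.group(1))
        counts[severity] += 1
        if severity > trap_level:
            unexpected.append(line)
    return counts, unexpected, untagged

# Constructed sample of lines as a collector might store them.
SAMPLE = [
    "<162>%FWSM-2-106001: constructed sample text",
    "<163>%FWSM-3-106011: constructed sample text",
    "<163>%FWSM-3-305005: constructed sample text",
    "<166>%FWSM-6-302013: constructed sample text",
    "<13>some other host: constructed sample text",
]

if __name__ == "__main__":
    counts, unexpected, untagged = check_trap_level(SAMPLE, trap_level=3)
    print("events per severity:", dict(sorted(counts.items())))
    print("above trap level:", len(unexpected), "untagged:", len(untagged))
```

Lines reported as above the trap level indicate that the level on the device differs from the one you expect; untagged lines point to another sender using the same destination.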