Configuring Cisco FWSM to forward syslog events
To integrate Cisco FWSM with IBM® QRadar®, you must configure your Cisco FWSM appliances to forward syslog events to QRadar.
- Use a console connection, telnet, or SSH, to log in to the Cisco FWSM.
Change the logging level:
logging trap <level>
Where <level> is set from levels 1-7. By default, the logging trap level is set to 3 (error).
Designate QRadar as a
host to receive the messages:
logging host [interface] ip_address [tcp[/port] | udp[/port]] [format emblem]
logging host dmz1 192.0.2.1
Where 192.0.2.1 is the IP address of your QRadar system.
You are now ready to configure the log source in QRadar.