Creating a syslog destination for events

To create a syslog destination for these events on IBM® Guardium®, you must log in to the command line interface (CLI) and define the IP address for IBM QRadar.

Procedure

  1. Using SSH, log in to IBM Guardium as the default user.

    Username: <username>

    Password: <password>

  2. Type the following command to configure the syslog destination for informational events:

    store remote add daemon.info <IP address>:<port> <tcp|udp>

    For example,

    store remote add daemon.info <IP_address> tcp

    Where:

    • <IP address> is the IP address of your QRadar Console or Event Collector.

    • <port> is the syslog port number that is used to communicate to the QRadar Console or Event Collector.

    • <tcp|udp> is the protocol that is used to communicate to the QRadar Console or Event Collector.

  3. Type the following command to configure the syslog destination for warning events:

    store remote add daemon.warning <IP address>:<port> <tcp|udp>

    Where:

    • <IP address> is the IP address of your QRadar Console or Event Collector.
    • <port> is the syslog port number that is used to communicate to the QRadar Console or Event Collector.
    • <tcp|udp> is the protocol that is used to communicate to the QRadar Console or Event Collector.

  4. Type the following command to configure the syslog destination for error events:

    store remote add daemon.err <IP address>:<port> <tcp|udp>

    Where:

    • <IP address> is the IP address of your QRadar Console or Event Collector.
    • <port> is the syslog port number that is used to communicate to the QRadar Console or Event Collector.
    • <tcp|udp> is the protocol that is used to communicate to the QRadar Console or Event Collector.

  5. Type the following command to configure the syslog destination for alert events:

    store remote add daemon.alert <IP address>:<port> <tcp|udp>

    Where:

    • <IP address> is the IP address of your QRadar Console or Event Collector.
    • <port> is the syslog port number that is used to communicate to the QRadar Console or Event Collector.
    • <tcp|udp> is the protocol that is used to communicate to the QRadar Console or Event Collector.

You are now ready to configure a policy for IBM InfoSphere® Guardium.
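To confirm that all four destinations from steps 2 to 5 are delivering events, the following added example (not part of the IBM documentation) classifies raw syslog lines captured on the receiving host by their priority value. It assumes the messages carry the standard `<PRI>` header, where PRI = facility × 8 + severity; the sample lines, host names and function names are constructed for illustration.

```python
import re

# Standard syslog numbering (RFC 3164 / RFC 5424): PRI = facility * 8 + severity.
DAEMON = 3
SEVERITIES = {"alert": 1, "err": 3, "warning": 4, "info": 6}
# The four selectors configured in steps 2 to 5, mapped to their PRI values.
EXPECTED = {f"daemon.{name}": DAEMON * 8 + sev for name, sev in SEVERITIES.items()}
PRI_TO_SELECTOR = {pri: sel for sel, pri in EXPECTED.items()}
PRI_RE = re.compile(r"^<(\d{1,3})>")

def selector_for(line):
    """Return the configured selector a raw syslog line belongs to, or None."""
    m = PRI_RE.match(line)
    if not m:
        return None  # no PRI header: not a raw syslog frame
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is 23 * 8 + 7
        return None
    return PRI_TO_SELECTOR.get(pri)

def coverage(lines):
    """Count messages per configured selector and list selectors never seen."""
    counts = {sel: 0 for sel in EXPECTED}
    unmatched = 0
    for line in lines:
        sel = selector_for(line.strip())
        if sel is None:
            unmatched += 1
        else:
            counts[sel] += 1
    missing = sorted(sel for sel, n in counts.items() if n == 0)
    return counts, missing, unmatched

# Constructed sample capture (host names, tags and message text are invented).
SAMPLE = [
    "<30>Mar  4 10:15:01 guardium01 demo[2101]: constructed informational event",
    "<28>Mar  4 10:15:07 guardium01 demo[2101]: constructed warning event",
    "<27>Mar  4 10:15:09 guardium01 demo[2101]: constructed error event",
    "<13>Mar  4 10:15:11 otherhost app: user.notice message from another source",
    "no PRI header on this line",
]

if __name__ == "__main__":
    counts, missing, unmatched = coverage(SAMPLE)
    for sel, n in sorted(counts.items()):
        print(f"{sel:15} PRI {EXPECTED[sel]:3}  messages: {n}")
    print("not yet seen:", ", ".join(missing) or "none")
    print("other/unparsed lines:", unmatched)
```

A selector that stays in the "not yet seen" list after test events of that severity have been generated points to a missing `store remote add` entry or a port or protocol mismatch between the appliance and the collector.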