Creating a syslog destination for events
To create a syslog destination for these events on IBM® Guardium®, you must log in to the command line interface (CLI) and define the IP address for IBM QRadar.
Procedure
- Using SSH, log in to IBM Guardium as the default user.
Username: <username>
Password: <password>
- Type the following command to configure the syslog destination for informational events:
store remote add daemon.info <IP address>:<port> <tcp|udp>
For example,
store remote add daemon.info <IP_address> tcp
Where:
- <IP address> is the IP address of your QRadar Console or Event Collector.
- <port> is the syslog port number that is used to communicate to the QRadar Console or Event Collector.
- <tcp|udp> is the protocol that is used to communicate to the QRadar Console or Event Collector.
- Type the following command to configure the syslog destination for warning events:
store remote add daemon.warning <IP address>:<port> <tcp|udp>
Where:
- <IP address> is the IP address of your QRadar Console or Event Collector.
- <port> is the syslog port number that is used to communicate to the QRadar Console or Event Collector.
- <tcp|udp> is the protocol that is used to communicate to the QRadar Console or Event Collector.
- Type the following command to configure the syslog destination for error events:
store remote add daemon.err <IP address>:<port> <tcp|udp>
Where:
- <IP address> is the IP address of your QRadar Console or Event Collector.
- <port> is the syslog port number that is used to communicate to the QRadar Console or Event Collector.
- <tcp|udp> is the protocol that is used to communicate to the QRadar Console or Event Collector.
- Type the following command to configure the syslog destination for alert events:
store remote add daemon.alert <IP address>:<port> <tcp|udp>
Where:
- <IP address> is the IP address of your QRadar Console or Event Collector.
- <port> is the syslog port number that is used to communicate to the QRadar Console or Event Collector.
- <tcp|udp> is the protocol that is used to communicate to the QRadar Console or Event Collector.
You are now ready to configure a policy for IBM InfoSphere® Guardium.
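To check that all four destinations from the procedure are delivering, the following added example (not IBM's code) decodes the syslog PRI header of raw lines captured on the receiving side and reports which of daemon.info, daemon.warning, daemon.err and daemon.alert have not been seen. It assumes standard syslog facility and severity numbering and accepts an optional octet-count prefix on TCP; the sample lines, hostname and tag are constructed.

```python
import re

# Standard syslog numbering (RFC 3164/5424): PRI = facility * 8 + severity.
DAEMON = 3
SEVERITY = {"alert": 1, "err": 3, "warning": 4, "info": 6}
# PRI value -> selector, for the four destinations configured in the procedure.
EXPECTED = {DAEMON * 8 + sev: "daemon." + name for name, sev in SEVERITY.items()}

# Optional "<length> " prefix covers octet-counted TCP framing (RFC 6587).
PRI_RE = re.compile(r"^(?:\d+ )?<(\d{1,3})>")


def selector_for(line):
    """Return the configured selector a raw syslog line maps to, or None."""
    match = PRI_RE.match(line)
    if match is None:
        return None  # no PRI header, so not a raw syslog message
    return EXPECTED.get(int(match.group(1)))  # None for other facility/severity


def coverage(lines):
    """Count messages per configured selector and list selectors never seen."""
    seen = dict.fromkeys(EXPECTED.values(), 0)
    unmatched = 0
    for line in lines:
        selector = selector_for(line)
        if selector is None:
            unmatched += 1
        else:
            seen[selector] += 1
    missing = sorted(name for name, count in seen.items() if count == 0)
    return seen, missing, unmatched


def octet_framed(message):
    """Prefix a message with its length, as octet-counted TCP syslog does."""
    return f"{len(message)} {message}"


# Constructed sample capture (hostname, tag and text are made up for the example).
SAMPLE = [
    "<30>Jan 12 10:00:01 guardium-test example: constructed informational event",
    "<28>Jan 12 10:00:02 guardium-test example: constructed warning event",
    octet_framed("<27>Jan 12 10:00:03 guardium-test example: constructed error event"),
    "<86>Jan 12 10:00:04 guardium-test example: constructed authpriv.info event",
    "truncated line with no PRI header",
]

if __name__ == "__main__":
    seen, missing, unmatched = coverage(SAMPLE)
    print("seen:", seen)
    print("not yet received:", missing or "none")
    print("other messages:", unmatched)
```

A selector that stays in the "not yet received" list after test events have been generated points to a missing `store remote add` entry or to a port or protocol mismatch with the listener.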