You can configure a Cisco IOS-based device to forward events.
About this task
Take the following steps to configure your Cisco device:
Procedure
- Log in to your Cisco IOS Server, switch, or router.
- Type the following command to log in to the router in privileged-exec:
- Type the following command to switch to configuration mode:
- Type the following commands:
  logging <IP address>
  logging source-interface <interface>
  Where:
  - <IP address> is the IP address of the IBM QRadar host and the SIM components.
  - <interface> is the name of the interface, for example, dmz, lan, ethernet0, or ethernet1.
- Type the following to configure the priority level:
  logging trap warning
  logging console warning
  Where warning is the priority setting for the logs.
- Configure the syslog facility:
- Save and exit the file.
- Copy the running-config to startup-config by typing the following command:
  copy running-config startup-config
You are now ready to configure the log source in QRadar.
The configuration is complete. The log source is added to QRadar as Cisco IOS events are
automatically discovered. Events that are forwarded to QRadar by Cisco IOS-based devices
are displayed on the Log Activity tab of QRadar.
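To confirm that a device still carries the settings from this procedure, the following added example (not IBM or Cisco code) audits a saved `show running-config` excerpt for the logging destination, source interface, and severity lines. The function names, sample excerpts, and the 192.0.2.10 collector address are assumptions made for illustration; IOS stores the severity as `warnings` and accepts `warning` as a prefix.

```python
import ipaddress
import re

# IOS severity keywords for levels 0..7; a unique prefix or the digit also works.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Constructed running-config excerpts (192.0.2.10 is a documentation address).
SAMPLE_OK = """\
logging trap warnings
logging console warnings
logging source-interface GigabitEthernet0/1
logging host 192.0.2.10
"""
SAMPLE_DRIFT = """\
logging console warnings
logging trap informational
logging 198.51.100.7
"""

def severity_level(word):
    """Map a keyword, unique prefix, or digit to its level; None if unknown."""
    if word.isdigit():
        return int(word) if int(word) <= 7 else None
    hits = [i for i, name in enumerate(SEVERITIES) if name.startswith(word.lower())]
    return hits[0] if len(hits) == 1 else None

def audit_logging(config_text, collector_ip, expected_level=4):
    """Return findings where the excerpt departs from the procedure's settings."""
    hosts, source_if, levels = set(), None, {}
    for line in map(str.strip, config_text.splitlines()):
        if m := re.match(r"logging (?:host )?(\S+)", line):
            try:  # both "logging <ip>" and "logging host <ip>" forms
                hosts.add(ipaddress.ip_address(m.group(1)))
            except ValueError:
                pass  # some other "logging ..." subcommand
        if m := re.match(r"logging source-interface (\S+)", line):
            source_if = m.group(1)
        if m := re.match(r"logging (trap|console) (\S+)", line):
            levels[m.group(1)] = severity_level(m.group(2))
    findings = []
    if ipaddress.ip_address(collector_ip) not in hosts:
        findings.append(f"no logging destination for {collector_ip}")
    if source_if is None:
        findings.append("logging source-interface is not set")
    for target in ("trap", "console"):
        if levels.get(target) != expected_level:
            findings.append(f"logging {target} is not at {SEVERITIES[expected_level]}")
    return findings
```

An empty list means the excerpt matches the procedure; each string in a non-empty list names one setting to correct before expecting events on the Log Activity tab.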