Configuring Cisco IOS to forward events

You can configure a Cisco IOS-based device to forward events.

About this task

Take the following steps to configure your Cisco device:

Procedure

  1. Log in to your Cisco IOS Server, switch, or router.
  2. Type the following command to enter privileged EXEC mode on the router:

    enable

  3. Type the following command to switch to configuration mode:

    conf t

  4. Type the following commands:

    logging <IP address>

    logging source-interface <interface>

    Where:

    • <IP address> is the IP address of the IBM QRadar host and the SIM components.

    • <interface> is the name of the interface, for example, dmz, lan, ethernet0, or ethernet1.

  5. Type the following commands to configure the priority level:

    logging trap warning

    logging console warning

    Where warning is the priority setting for the logs.

  6. Configure the syslog facility:

    logging facility syslog

  7. Save and exit the file.
  8. Copy the running-config to startup-config by typing the following command:

    copy running-config startup-config

    You are now ready to configure the log source in QRadar.

    The configuration is complete. The log source is added to QRadar as Cisco IOS events are automatically discovered. Events that are forwarded to QRadar by Cisco IOS-based devices are displayed on the Log Activity tab of QRadar.
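
One way to confirm that steps 4 to 6 are present in the saved configuration, as an added example that is not part of the original documentation: the script checks the text of a running-config for each logging line from the procedure. The sample configuration, the host name, the address 192.0.2.10 and the function name audit_logging are constructed for illustration; it assumes IOS may display the step 4 line as "logging host <IP address>" and the level keyword as "warnings".

```python
import re

# Constructed sample of a saved running-config (not taken from a real device).
# Assumption: IOS may render step 4 as "logging host <ip>" and the level as "warnings".
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
logging trap warnings
logging console warnings
logging facility syslog
logging source-interface GigabitEthernet0/1
logging host 192.0.2.10
!
end
"""


def audit_logging(config, qradar_ip, interface, level="warning"):
    """Return the procedure steps whose logging line is missing from config."""
    lines = [ln.strip() for ln in config.splitlines()]
    lvl = re.escape(level) + r"s?"  # accept "warning" or "warnings"
    required = {
        # Trailing options (for example a transport setting) are allowed, but
        # fullmatch stops 192.0.2.100 from passing as 192.0.2.10.
        f"step 4: logging {qradar_ip}":
            rf"logging (host )?{re.escape(qradar_ip)}(\s.*)?",
        f"step 4: logging source-interface {interface}":
            rf"logging source-interface {re.escape(interface)}",
        f"step 5: logging trap {level}": rf"logging trap {lvl}",
        f"step 5: logging console {level}": rf"logging console {lvl}",
        "step 6: logging facility syslog": r"logging facility syslog",
    }
    # A line such as "no logging console" does not satisfy fullmatch either.
    return [name for name, pattern in required.items()
            if not any(re.fullmatch(pattern, ln) for ln in lines)]


if __name__ == "__main__":
    missing = audit_logging(SAMPLE_CONFIG, "192.0.2.10", "GigabitEthernet0/1")
    print("all logging lines present" if not missing else "\n".join(missing))
```

An empty result means every line from the procedure is in the configuration; pass the interface name exactly as the device displays it.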