Configuring Enterasys HiGuard

To configure the device to forward syslog events:

Procedure

  1. Log in to the HiGuard Wireless IPS user interface.
  2. In the left navigation pane, click Syslog, which allows the management server to send events to designated syslog receivers.

    The Syslog Configuration pane is displayed.

  3. In the System Integration Status section, enable syslog integration.

    Enabling syslog integration allows the management server to send messages to the configured syslog servers. By default, the management server enables syslog.

    The Current Status field displays the status of the syslog server, which is either Running or Stopped. An error status is displayed if one of the following occurs:

    • One of the configured and enabled syslog servers includes a host name that cannot be resolved.
    • The management server is stopped.
    • An internal error occurred. If this error occurs, contact Enterasys Technical Support.
  4. From Manage Syslog Servers, click Add.

    The Syslog Configuration window is displayed.

  5. Type values for the following parameters:
    • Syslog Server (IP Address/Hostname) - Type the IP address or host name of the syslog server where events are sent.
    Note: Configured syslog servers use the DNS names and DNS suffixes configured in the Server initialization and Setup Wizard on the HWMH Config Shell.
    • Port Number - Type the port number of the syslog server to which HWMH sends events. The default is 514.
    • Message Format - Select Plain Text as the format for sending events.
    • Enabled? - Select Enabled? if you want events to be sent to this syslog server.
  6. Save your configuration.

    The configuration is complete. The log source is added to IBM QRadar as HiGuard events are automatically discovered. Events that are forwarded to QRadar by Enterasys HiGuard are displayed on the Log Activity tab of QRadar.
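
A pre-check for the entries typed in step 5, written as an added example (not Enterasys or IBM code): it flags enabled syslog servers whose host name would not resolve or whose port is out of range, the first error condition listed in step 3. The host names, the suffix `soc.example.internal`, and the rule that short names are tried with each DNS suffix appended are assumptions for illustration.

```python
import ipaddress
import socket

DEFAULT_PORT = 514  # default port given in step 5


def candidates(host, suffixes):
    """Names to try: host as typed, then host + each DNS suffix (assumed order)."""
    try:
        ipaddress.ip_address(host)
        return []  # IP literal, nothing to resolve
    except ValueError:
        pass
    names = [host]
    if not host.endswith("."):
        names += [f"{host}.{s.strip('.')}" for s in suffixes]
    return names


def system_resolver(name):
    socket.getaddrinfo(name, None)  # raises socket.gaierror if unresolvable
    return True


def _resolves(resolve, name):
    try:
        return bool(resolve(name))
    except OSError:
        return False


def check_servers(servers, suffixes, resolve=system_resolver):
    """Return (host, problem) pairs for enabled entries that would fail."""
    problems = []
    for entry in servers:
        if not entry.get("enabled", False):
            continue  # only enabled servers count toward the error status
        host, port = entry["host"], entry.get("port", DEFAULT_PORT)
        if not isinstance(port, int) or not 1 <= port <= 65535:
            problems.append((host, f"invalid port {port!r}"))
        names = candidates(host, suffixes)
        if names and not any(_resolves(resolve, n) for n in names):
            problems.append((host, "host name cannot be resolved"))
    return problems


if __name__ == "__main__":
    # Constructed entries; replace with the servers you plan to add.
    planned = [{"host": "qradar01", "port": 514, "enabled": True}]
    print(check_servers(planned, ["soc.example.internal"]))
```

The result reflects what the management server will see only when the script uses the same DNS servers and suffixes that were set in the Setup Wizard.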