Configuring a syslog server from the Juniper WLC user interface

To collect events, you must configure a syslog server on your Juniper WLC system to forward syslog events to IBM QRadar.

Procedure

  1. Log in to the RingMaster software.
  2. From the Organizer panel, select a Wireless LAN Controller.
  3. From the System panel, select Log.
  4. From the Task panel, select Create Syslog Server.
  5. In the Syslog Server field, type the IP address of your QRadar system.
  6. In the Port field, type 514.
  7. From the Severity Filter list, select a severity.

    Logging debug severity events can negatively affect system performance on the Juniper WLC appliance. It is good practice to log events at the error or warning severity level and slowly increase the level until you get the data you need. The default severity level is error.

  8. From the Facility Mapping list, select a facility from local 0 to local 7.
  9. Click Finish.

    As events are generated by the Juniper WLC appliance, they are forwarded to the syslog destination you specified. The log source is automatically discovered after enough events are forwarded to QRadar. It typically takes a minimum of 25 events to automatically discover a log source.

What to do next

Administrators can log in to the QRadar Console and verify that the log source is created. The Log Activity tab displays events from the Juniper WLC appliance.
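
If the log source does not appear, a check like the following can confirm that events arriving at the syslog destination carry the facility and severity chosen in steps 7 and 8, and that enough have arrived for automatic discovery. This is an added example, not IBM or Juniper code; the function names, the host name wlc-example and the sample lines are constructed, and it assumes each event starts with a standard syslog <PRI> header.

```python
import re
from collections import Counter

# Syslog severity names, index = numeric severity (0 is most severe).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) names from the leading <PRI>, else None."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the highest valid PRI
        return None
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    name = f"local{facility - 16}" if facility >= 16 else f"facility{facility}"
    return name, SEVERITIES[severity]

def audit(lines, expected_facility, max_severity, discovery_min=25):
    """Compare captured events with the facility and severity set on the WLC."""
    limit = SEVERITIES.index(max_severity)
    report = {"total": 0, "malformed": 0, "wrong_facility": 0,
              "too_verbose": 0, "by_severity": Counter()}
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            report["malformed"] += 1
            continue
        facility, severity = decoded
        report["total"] += 1
        report["by_severity"][severity] += 1
        report["wrong_facility"] += facility != expected_facility
        report["too_verbose"] += SEVERITIES.index(severity) > limit
    # The page gives 25 events as the typical minimum for auto discovery.
    report["enough_for_discovery"] = report["total"] >= discovery_min
    return report

# Constructed sample: message text is a placeholder, not real WLC output.
SAMPLE = [f"<139>Jan 12 10:00:{i:02d} wlc-example constructed event {i}"
          for i in range(24)]
SAMPLE += ["<140>Jan 12 10:01:00 wlc-example constructed warning event",
           "<143>Jan 12 10:01:01 wlc-example constructed debug event",
           "<131>Jan 12 10:01:02 wlc-example constructed local0 event",
           "line without a PRI header"]

if __name__ == "__main__":
    print(audit(SAMPLE, expected_facility="local1", max_severity="warning"))
```

A nonzero wrong_facility or too_verbose count means the Facility Mapping or Severity Filter on the controller does not match what was intended.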