To collect events, you must configure a syslog server on your Juniper WLC system to
forward syslog events to IBM
QRadar.
Procedure
-
Log in to the RingMaster software.
-
From the Organizer panel, select a Wireless LAN Controller.
-
From the System panel, select Log.
-
From the Task panel, select Create Syslog
Server.
-
In the Syslog Server field, type the IP address of your QRadar system.
-
In the Port field, type 514.
-
From the Severity Filter list, select a severity.
Logging debug severity events can negatively affect system performance on the Juniper WLC
appliance. It is a good practice for administrators to log events at the error or warning severity
level and slowly increase the level to get the data you need. The default severity level is
error.
-
From the Facility Mapping list, select a facility between local 0 -
local 7.
-
Click Finish.
As events are generated by the Juniper WLC appliance, they are forwarded to the syslog
destination you specified. The log source is automatically discovered after enough events are
forwarded to QRadar. It
typically takes a minimum of 25 events to automatically discover a log source.
What to do next
Administrators can log in to the QRadar
Console and verify that the log source
is created on the QRadar
Console. The
Log Activity tab displays events from the Juniper WLC appliance.