To collect security and audit events, you must configure your Raz-Lee iSecurity installation to forward syslog events to IBM QRadar.
Procedure
- Log in to the IBM i command-line interface.
- Type the following command to access the audit menu options:
- From the Audit menu, select 81. System Configuration.
- From the iSecurity/Base System Configuration menu, select 31. SYSLOG Definitions.
- Configure the following parameters:
  - Send SYSLOG message - Select Yes.
  - Destination address - Type the IP address of QRadar.
  - "Facility" to use - Type a facility level.
  - "Severity" range to auto send - Type a severity level.
  - Message structure - Type any additional message structure parameters that are needed for your syslog messages.
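To confirm on a test receiver that forwarded messages carry the facility and severity you configured, the following added example (not part of the Raz-Lee or IBM documentation) decodes the syslog PRI value from captured lines and flags anything outside the expected facility and severity range. It assumes the messages use the standard syslog PRI prefix; the facility local0, the severity range, and the sample lines are constructed for illustration.

```python
import re

# Conventional syslog names; PRI = facility * 8 + severity (RFC 3164 / RFC 5424).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock2",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) names for a syslog line, or None if no valid PRI."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest defined PRI value
        return None
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def audit(lines, facility, most_severe, least_severe):
    """Split lines into (expected, unexpected) for a facility and severity range.
    Severity numbers run from 0 (emerg, most severe) to 7 (debug, least severe)."""
    lo, hi = SEVERITIES.index(most_severe), SEVERITIES.index(least_severe)
    expected, unexpected = [], []
    for line in lines:
        decoded = decode_pri(line)
        in_range = (decoded is not None and decoded[0] == facility
                    and lo <= SEVERITIES.index(decoded[1]) <= hi)
        (expected if in_range else unexpected).append(line)
    return expected, unexpected

# Constructed sample lines, not real iSecurity output; host and text are placeholders.
SAMPLE = [
    "<132>Jan 12 10:15:02 ibmi01 constructed audit event A",  # local0.warning
    "<134>Jan 12 10:15:03 ibmi01 constructed audit event B",  # local0.info
    "<38>Jan 12 10:15:04 ibmi01 constructed event C",         # auth.info
    "Jan 12 10:15:05 ibmi01 constructed event without PRI",
]

if __name__ == "__main__":
    # Assumed configuration: facility local0, severities emerg through warning.
    good, bad = audit(SAMPLE, "local0", "emerg", "warning")
    print(f"{len(good)} line(s) match the configured facility and severity range")
    for line in bad:
        print("unexpected:", decode_pri(line), line)
```

Lines reported as unexpected point to a facility or severity setting on the sender that differs from what you intended, or to another device sending to the same receiver.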
What to do next
Syslog events that are forwarded by Raz-Lee iSecurity are automatically discovered by the IBM i DSM in QRadar. In most cases, the log source is automatically created in QRadar after a few events are detected. If the event rate is low, you might need to manually create a log source for Raz-Lee iSecurity in QRadar. Until the log source is automatically discovered and identified, the event type displays as Unknown on the Log Activity tab of QRadar.