Configure IBM Security Access Manager for Mobile to send
audit logs to IBM
QRadar through
TLS syslog.
Before you begin
Ensure that IBM Security Access Manager for
Mobile has access to QRadar for
TLS syslog communication.
Procedure
- Select .
- Click the Syslog tab and enter the
information in the following table.
Field |
Value |
Enable audit log |
Click Enable audit log. |
Enable verbose audit events |
Click Enable verbose audit events. Audit
events that are not verbose do not
contain the JSON payload, which contains details of user
activity.
|
Location of syslog server |
Select On a remote server |
Host |
The QRadar server
host name or IP. |
Port |
The port number that you want to use for QRadar to
accept incoming TLS syslog events. |
Protocol |
Select TLS |
Certificate database (truststore) |
The truststore that validates the syslog server certificate.
|
Enable client certificate
authentication
|
Click Enable client certificate authentication. The
client can do client certificate authentication
during the SSL handshake upon server request.
|
Certificate database (keystore)
|
The keystore for client certificate authentication. |
Certificate label |
The personal certificate for client certificate
authentication |
Enable disk failover |
Clear Enable disk failover. |
- Click Save.
- Click Click here to review the changes or apply
them to the system to review pending
changes.
- Click Deploy Changes.
The runtime server restarts automatically if
any of the new changes require a restart.