You can configure Cisco NAC to forward syslog events:
Procedure
-
Log in to the Cisco NAC user interface.
-
In the Monitoring section, select Event Logs.
-
Click the Syslog Settings tab.
-
In the Syslog Server Address field, type the IP address of your IBM
QRadar.
-
In the Syslog Server Port field, type the syslog port number. The
default is 514.
-
In the System Health Log Interval field, type the frequency, in minutes,
for system statistic log events.
-
Click Update.
You are now ready to configure the log source in QRadar.