The IBM
QRadar Nortel
Ethernet Routing Switch (ERS) 2500/4500/5500 DSM records all relevant
routing switch events by using syslog.
About this task
Before configuring a Nortel ERS 2500/4500/5500 device
in QRadar,
you must configure your device to send syslog events to QRadar.
To
configure the device to send syslog events to QRadar:
Procedure
- Log in to the Nortel ERS 2500/4500/5500 user interface.
- Type the following commands to access global configuration
mode:
- Type informational as the severity
level for the logs you want to send to the remote server.
For
example, logging remote level {critical|informational|serious|none}
logging
remote level informational
Where a severity level
of informational
sends all logs to the syslog server.
- Enable the host:
- Type the remote logging address:
logging
remote address <IP address>
Where <IP
address> is the IP address of the QRadar system.
- Ensure that remote logging is enabled:
You can now configure
the log source in QRadar.
- To configure to receive events from a Nortel ERS 2500/4500/5500
device: From the Log Source Type list, select
the Nortel Ethernet Routing Switch 2500/4500/5500 option.