Nortel Ethernet Routing Switch 2500/4500/5500

The IBM QRadar Nortel Ethernet Routing Switch (ERS) 2500/4500/5500 DSM records all relevant routing switch events by using syslog.

About this task

Before configuring a Nortel ERS 2500/4500/5500 device in QRadar, you must configure your device to send syslog events to QRadar.

To configure the device to send syslog events to QRadar:

Procedure

  1. Log in to the Nortel ERS 2500/4500/5500 user interface.
  2. Type the following commands to access global configuration mode:

    ena

    config term

  3. Type informational as the severity level for the logs you want to send to the remote server.

    For example, logging remote level {critical|informational|serious|none}

    logging remote level informational

    Where a severity level of informational sends all logs to the syslog server.

  4. Enable the host:

    host enable

  5. Type the remote logging address:

    logging remote address <IP address>

    Where <IP address> is the IP address of the QRadar system.

  6. Ensure that remote logging is enabled:

    logging remote enable

    You can now configure the log source in QRadar.
  7. To configure to receive events from a Nortel ERS 2500/4500/5500 device: From the Log Source Type list, select the Nortel Ethernet Routing Switch 2500/4500/5500 option.