The IBM QRadar Nortel Ethernet Routing Switch (ERS) 8300/8600 DSM records all relevant events by using syslog.
About this task
Before you configure a Nortel ERS 8600 device in QRadar, you must configure your
device to send syslog events to QRadar.
To configure the device to send syslog events to QRadar:
Procedure
- Log in to the Nortel ERS 8300/8600 command-line interface (CLI).
- Type the following command:
config sys syslog host <ID>
Where <ID> is the ID of the host you wish to configure to send syslog
events to QRadar.
For the syslog host ID, the valid range is 1 - 10.
- Type the IP address of your QRadar system:
address <IP address>
Where <IP address> is the IP address of your QRadar system.
- Type the facility for accessing the syslog host.
- Enable the host:
- Type the severity level for which syslog messages are sent:
- Enable the ability to send syslog messages:
- Verify the syslog configuration for the host:
syslog host <ID> info
For example, the output might resemble the following:
ERS-8606:5/config/sys/syslog/host/1# info
Sub-Context:
Current Context:
address : 192.0.2.1
create : 1
delete : N/A
facility : local6
host : enable
mapinfo : info
mapwarning : warning
maperror : error
mapfatal : emergency
severity : info|warning|error|fatal
udp-port : 514
ERS-8606:5/config/sys/syslog/host/1#
You can now configure the log source in QRadar.
- To configure QRadar to receive events from a Nortel ERS 8300/8600 device: From the Log Source Type list, select the Nortel Ethernet Routing Switch 8300/8600 option.
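A check on the info output from the verification step, as an added example that is not part of the IBM documentation: it parses the per-host fields and reports anything that would keep events from reaching QRadar. The function names, the required severity list and the expected port of 514 (taken from the sample output) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the "info" output shown above, laid out one field per line.
SAMPLE_INFO = """ERS-8606:5/config/sys/syslog/host/1# info
Sub-Context:
Current Context:
address : 192.0.2.1
create : 1
delete : N/A
facility : local6
host : enable
mapinfo : info
mapwarning : warning
maperror : error
mapfatal : emergency
severity : info|warning|error|fatal
udp-port : 514
ERS-8606:5/config/sys/syslog/host/1#
"""

FIELD = re.compile(r"^\s*([\w-]+)\s+:\s+(\S.*?)\s*$")

def parse_info(text):
    """Collect 'key : value' lines; prompts and empty context headers are skipped."""
    return {m.group(1): m.group(2) for m in map(FIELD.match, text.splitlines()) if m}

def check_host(fields, qradar_ip, required=("info", "warning", "error", "fatal"), port=514):
    """Return a list of problems; an empty list means the host entry looks right."""
    problems = []
    try:
        if ipaddress.ip_address(fields.get("address", "")) != ipaddress.ip_address(qradar_ip):
            problems.append(f"address is {fields['address']}, expected {qradar_ip}")
    except ValueError:
        problems.append("address is missing or not an IP address")
    if fields.get("host") != "enable":
        problems.append("syslog host entry is not enabled")
    missing = [s for s in required if s not in fields.get("severity", "").split("|")]
    if missing:
        problems.append("severity levels not forwarded: " + ", ".join(missing))
    if fields.get("udp-port") != str(port):
        problems.append(f"udp-port is {fields.get('udp-port')}, expected {port}")
    return problems

if __name__ == "__main__":
    for problem in check_host(parse_info(SAMPLE_INFO), "192.0.2.1") or ["OK"]:
        print(problem)
```

The sample output lists only per-host fields, so this check does not cover the separate step that enables sending of syslog messages.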