The IBM® QRadar® Nortel Secure Router DSM records all relevant router events by using syslog.
About this task
Before you configure a Nortel Secure Router device in QRadar, you must configure your device to send syslog events to QRadar.
To configure the device to send syslog events to QRadar:
Procedure
- Log in to the Nortel Secure Router command line interface (CLI).
- Type the following to access global configuration mode:
- Type the following command:
- Type the IP address of the syslog server (QRadar system):
host_ipaddr <IP address>
Where <IP address> is the IP address of the QRadar system.
- Ensure that remote logging is enabled:
- Verify that the logging levels are configured correctly:
show system logging syslog
The following code is an example of the output:
------------------------------------
Syslog Setting
------------------------------------
Syslog: Enabled
Host IP Address: <IP_address>
Host UDP Port: 514
Facility Priority Setting:
facility priority
======== ========
auth: info
bootp: warning
daemon: warning
domainname: warning
gated: warning
kern: info
mail: warning
ntp: warning
system: info
fr: warning
ppp: warning
ipmux: warning
bundle: warning
qos: warning
hdlc: warning
local7: warning
vpn: warning
firewall: warning
You can now configure the log source in QRadar.
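The verification step above can be scripted. The following is an added example, not part of the IBM documentation: it parses captured output of show system logging syslog and reports any difference from what this procedure expects (syslog enabled, the QRadar system as host, UDP port 514). The one-setting-per-line layout, the address 192.0.2.10 and the baseline of facilities at info are assumptions modelled on the example output.

```python
import re

# Constructed sample of `show system logging syslog` output, modelled on the
# example on this page; 192.0.2.10 is a documentation address standing in for QRadar.
SAMPLE_OUTPUT = """\
------------------------------------
Syslog Setting
------------------------------------
Syslog: Enabled
Host IP Address: 192.0.2.10
Host UDP Port: 514
Facility Priority Setting:
facility priority
======== ========
auth: info
kern: info
system: warning
firewall: warning
"""

# Assumed baseline: the facilities that the page's example output shows at "info".
BASELINE = {"auth": "info", "kern": "info", "system": "info"}

def parse_syslog_settings(text):
    """Split the output into header settings and the facility/priority table."""
    settings, facilities, in_table = {}, {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("="):  # the ==== rule opens the facility table
            in_table = True
            continue
        m = re.match(r"([^:]+):\s*(\S.*)$", line)  # skips lines with no value
        if m and in_table:
            facilities[m.group(1).strip().lower()] = m.group(2).strip().lower()
        elif m:
            settings[m.group(1).strip().lower()] = m.group(2).strip()
    return settings, facilities

def check_config(text, qradar_ip, baseline=BASELINE):
    """Return a list of findings; an empty list means the output matches."""
    settings, facilities = parse_syslog_settings(text)
    expected = {"syslog": "Enabled", "host ip address": qradar_ip, "host udp port": "514"}
    findings = [f"{k}: got {settings.get(k)}, expected {v}"
                for k, v in expected.items() if settings.get(k) != v]
    findings += [f"{fac}: priority {facilities.get(fac)}, expected {want}"
                 for fac, want in baseline.items() if facilities.get(fac) != want]
    return findings

if __name__ == "__main__":
    print(check_config(SAMPLE_OUTPUT, "192.0.2.10"))
```

In the constructed sample the system facility is set to warning, so the check reports it as differing from the baseline.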
- To configure QRadar to receive events from a Nortel Secure Router device: From the Log Source Type list, select the Nortel Secure Router option.