Nortel Secure Router

The IBM® QRadar® Nortel Secure Router DSM records all relevant router events by using syslog.

About this task

Before you configure a Nortel Secure Router device in QRadar, you must configure your device to send syslog events to QRadar.

To configure the device to send syslog events to QRadar:


  1. Log in to the Nortel Secure Router command line interface (CLI).
  2. Type the following to access global configuration mode:

    config term

  3. Type the following command:

    system logging syslog

  4. Type the IP address of the syslog server (QRadar system):

    host_ipaddr <IP address>

    Where <IP address> is the IP address of the QRadar system.

  5. Ensure that remote logging is enabled:


  6. Verify that the logging levels are configured correctly:

    show system logging syslog

    The following code is an example of the output:

    ------------------------------------ Syslog Setting

    ------------------------------------ Syslog:

    Enabled Host IP Address: <IP_address> Host UDP Port: 514

    Facility Priority Setting:

    facility priority

    ======== ========

    auth: info

    bootp: warning

    daemon: warning

    domainname: warning

    gated: warning

    kern: info

    mail: warning

    ntp: warning

    system: info

    fr: warning

    ppp: warning

    ipmux: warning

    bundle: warning

    qos: warning

    hdlc: warning

    local7: warning

    vpn: warning

    firewall: warning

    You can now configure the log source in QRadar.

  7. To configure QRadar to receive events from a Nortel Secure Router device: From the Log Source Type list, select the Nortel Secure Router option.