Configuring Cisco Nexus to forward events
You can configure syslog on your Cisco Nexus server to forward events:
Procedure
-
Type the following command to switch to configuration mode:
config t
-
Type the following commands:
logging server <IP address> <severity>
Where:
-
<IP address> is the IP address of your QRadar Console.
-
<severity> is the severity level of the event messages, that range 0 - 7 in value.
For example,
logging server 192.0.2.1 6
forwards information level (6) syslog messages to 192.0.2.1. -
-
Type the following command to configure the interface for sending syslog events:
logging source-interface loopback
-
Type the following command to save your current configuration as the startup
configuration:
copy running-config startup-config
The configuration is complete. The log source is added to IBM QRadar as Cisco Nexus events are automatically discovered. Events that are forwarded to QRadar by Cisco Nexus are displayed on the Log Activity tab of QRadar.