To collect events in a format compatible with IBM QRadar, you must enable SNMP to syslog conversion and configure a syslog destination.
Procedure
- Use SSH to log in to the command-line interface of your Oracle Acme Packet SBC installation as an administrator.
- Type the following command to start the configuration mode:
- Type the following commands to start the system configuration:

  (configure)# system
  (system)#
  (system)# system-config
  (system-config)# sel

  The sel command is required to select a single instance of the system configuration object.
- Type the following commands to configure your QRadar system as a syslog destination:

  (system-config)# syslog-servers
  (syslog-config)# address <QRadar IP address>
  (syslog-config)# done

- Type the following commands to enable SNMP traps and syslog conversion for SNMP trap notifications:

  (system-config)# enable-snmp-auth-traps enabled
  (system-config)# enable-snmp-syslog-notify enabled
  (system-config)# enable-snmp-monitor-traps enabled
  (system-config)# ids-syslog-facility 4
  (system-config)# done

- Type the following commands to return to configuration mode:

  (system-config)# exit
  (system)# exit
  (configure)#
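
An added example, not part of the original procedure or of any IBM or Oracle tooling: a Python check that decodes the syslog PRI header of received messages and counts how many carry facility 4, the value set with ids-syslog-facility. It assumes the SBC sends standard syslog over UDP with a leading <PRI> field; the function names and the sample messages are constructed for illustration.

```python
import re
import socket
from collections import Counter

PRI_RE = re.compile(r"^<(\d{1,3})>")  # syslog header: PRI = facility * 8 + severity
IDS_FACILITY = 4  # value given to ids-syslog-facility in the procedure

def decode_pri(message):
    """Return (facility, severity), or None if the PRI is missing or out of range."""
    m = PRI_RE.match(message)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return None
    return divmod(int(m.group(1)), 8)

def summarize(messages, facility=IDS_FACILITY):
    """Count messages per facility, plus those that match the configured facility."""
    by_facility, malformed = Counter(), 0
    for msg in messages:
        decoded = decode_pri(msg)
        if decoded is None:
            malformed += 1
        else:
            by_facility[decoded[0]] += 1
    return {"matching": by_facility[facility],
            "by_facility": dict(by_facility), "malformed": malformed}

def capture(sbc_ip, port=514, count=20, timeout=30.0):
    """Collect up to `count` UDP syslog datagrams from sbc_ip (binding 514 needs root)."""
    got = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        s.settimeout(timeout)
        try:
            while len(got) < count:
                data, (src, _) = s.recvfrom(8192)
                if src == sbc_ip:  # ignore datagrams from other senders
                    got.append(data.decode("utf-8", "replace"))
        except socket.timeout:
            pass  # keep whatever arrived before the timeout
    return got

SAMPLE = [  # constructed sample messages, not real SBC output
    "<34>Jan 10 12:00:01 sbc01 constructed message one",
    "<37>Jan 10 12:00:02 sbc01 constructed message two",
    "<134>Jan 10 12:00:03 sbc01 constructed message three",
    "constructed line with no PRI header",
]
```

On a host that the SBC sends syslog to, `summarize(capture("<SBC IP address>"))` reports whether messages with the configured facility are arriving; a "matching" count of zero after the timeout means none were seen.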