To collect H3C Comware Platform events, enable syslog settings and configure a log host.
H3C Switches, H3C Routers, H3C Wireless LAN Devices, and H3C IP Security Devices are supported by
QRadar.
Procedure
-
Log in to the command line interface by using the console port, or by
using Telnet or SSH.
For more information about login methods, see the Logging into the CLI section in
the configuration guide for your H3C devices.
-
To access the system view, type the <system_name>
system-view command.
-
To enable the syslog settings, type the following commands in the order that they are
listed.
- info-center source default loghost deny
- info-center source AAA loghost level informational
- info-center source ACL loghost level informational
- info-center source FIPS loghost level informational
- info-center source HTTPD loghost level informational
- info-center source IKE loghost level informational
- info-center source IPSEC loghost level informational
- info-center source LOGIN loghost level informational
- info-center source LS loghost level informational
- info-center source PKI loghost level informational
- info-center source PORTSEC loghost level informational
- info-center source PWDCTL loghost level informational
- info-center source RADIUS loghost level informational
- info-center source SHELL loghost level informational
- info-center source SNMP loghost level informational
- info-center source SSHS loghost level informational
- info-center source TACACS loghost level informational
- info-center loghost <QRadar Event Collector IP>
514
-
To exit the system view, type the quit
<system_name> command.