Configuring Your Huawei AR Series Router

To forward syslog events to IBM QRadar, you must configure your Huawei AR Series Router as an information center, then configure a log host.

About this task

The log host that you create for your Huawei AR Series Router can forward events to your QRadar Console or an Event Collector.

Procedure

  1. Log in to your Huawei AR Series Router command line Interface (CLI).
  2. Type the following command to access the system view:

    system-view

  3. Type the following command to enable the information center:

    info-center enable

  4. Type the following command to send informational level log messages to the default channel:

    info-center source default channel loghost log level informational debug state off trap state off

  5. Optional: To verify your Huawei AR Series Router source configuration, type the command:

    display channel loghost

  6. Type the following command to configure the IP address for QRadar as the log host for your switch:

    info-center loghost <IP address> facility <local>

    Where:

    • <IP address> is the IP address of the QRadar Console or Event Collector.
    • <local> is the syslog facility, for example, local0.

    For example,

    info-center loghost <IP_address> facility local0

  7. Type the following command to exit the configuration:

    quit

    The configuration is complete. You can verify events that are forwarded to QRadar by viewing events on the Log Activity tab.