To forward syslog events to IBM
QRadar, you must configure your
Huawei AR Series Router as an information center, then configure a log host.
About this task
The log host that you create for your Huawei AR Series Router can forward events to your QRadar
Console or an Event Collector.
Procedure
-
Log in to your Huawei AR Series Router command line Interface (CLI).
-
Type the following command to access the system view:
-
Type the following command to enable the information center:
-
Type the following command to send informational level log messages to the default
channel:
info-center source default channel loghost log level informational debug state off trap
state off
- Optional:
To verify your Huawei AR Series Router source configuration, type the command:
-
Type the following command to configure the IP address for QRadar as the log host for your
switch:
info-center loghost <IP address> facility
<local>
Where:
- <IP address> is the IP address of the QRadar
Console or Event Collector.
- <local> is the syslog facility, for example, local0.
For example,
info-center loghost <IP_address> facility local0
-
Type the following command to exit the configuration:
quit
The configuration is complete. You can verify events that are
forwarded to QRadar by viewing
events on the Log Activity tab.