Configure IBM® Federated Directory Server to monitor security events, which are generated when an entry is added, modified, or deleted in the target
Procedure
-
Log in to your IBM Federated Directory Server.
-
In the navigation pane, under Common Settings, click
Monitoring.
-
On the Monitoring page, click the QRadar
tab.
-
To indicate that you want to monitor security events, on the QRadar
page, select Enabled .
-
Configure the parameters
-
In the Map file field, specify the path and file name of
the map file that configures the various QRadar
LEEF attributes for the event.
-
Click Select to browse for the map file. The default
value points to the LDAPSync/QRadar.map file.
-
In the Date format mask field, specify a standard Java™ SimpleDateFormat mask to use for date values
that are written in mapped LEEF attributes.
This value controls both the value of the
devTimeFormat attribute and the formatting of
date values in the event. The default value is the ISO 8601 standard mask,
MMM dd yy HH:mm:ss, which creates a string,
Oct 16 12 15:15:57.