Configuring IBM Federated Directory Server to monitor security events

Configure IBM® Federated Directory Server to monitor security events, which are generated when an entry is added, modified, or deleted in the target

Procedure

  1. Log in to your IBM Federated Directory Server.
  2. In the navigation pane, under Common Settings, click Monitoring.
  3. On the Monitoring page, click the QRadar tab.
  4. To indicate that you want to monitor security events, on the QRadar page, select Enabled .
  5. Configure the parameters
  6. In the Map file field, specify the path and file name of the map file that configures the various QRadar LEEF attributes for the event.
  7. Click Select to browse for the map file. The default value points to the LDAPSync/QRadar.map file.
  8. In the Date format mask field, specify a standard Java™ SimpleDateFormat mask to use for date values that are written in mapped LEEF attributes.

    This value controls both the value of the devTimeFormat attribute and the formatting of date values in the event. The default value is the ISO 8601 standard mask, MMM dd yy HH:mm:ss, which creates a string, Oct 16 12 15:15:57.