Configuring Symantec Encryption Management Server to communicate with QRadar®

Enable external logging to forward syslog events to IBM QRadar.

Procedure

  1. In a web browser, log in to your Encryption Management server's administrative interface.

    https://<Encryption Management Server IP address>:9000

  2. Click Settings.
  3. Select the Enable External Syslog check box.
  4. From the Protocol list, select either UDP or TCP.

    By default, QRadar uses port 514 to receive UDP syslog or TCP syslog event messages.

  5. In the Hostname field, type the IP address of your QRadar Console or Event Collector.
  6. In the Port field, type 514.
  7. Click Save.

    The configuration is complete. The log source is added to QRadar as Symantec Encryption Management Server events are automatically discovered. Events that are forwarded to QRadar by the Symantec Encryption Management Servers are displayed on the Log Activity tab of QRadar.