Enable external logging to forward syslog events to IBM
QRadar.
Procedure
-
In a web browser, log in to your Encryption Management server's administrative interface.
https://<Encryption Management Server IP address>:9000
-
Click Settings.
-
Select the Enable External Syslog check box.
-
From the Protocol list, select either UDP or
TCP.
By default, QRadar uses
port 514 to receive UDP syslog or TCP syslog event messages.
-
In the Hostname field, type the IP address of your QRadar
Console or Event Collector.
-
In the Port field, type 514.
-
Click Save.
The configuration is complete. The log source is added to QRadar as Symantec Encryption
Management Server events are automatically discovered. Events that are forwarded to QRadar by the Symantec Encryption
Management Servers are displayed on the Log Activity tab of QRadar.