Configuring Your Huawei S Series Switch

To forward syslog events to IBM QRadar, you must configure your Huawei S Series Switch as an information center, then configure a log host.

About this task

The log host that you create for your Huawei S Series Switch can forward events to your QRadar Console or an Event Collector.

Procedure

  1. Log in to your Huawei S Series Switch command-line interface (CLI).
  2. Type the following command to access the system view:

    system-view

  3. Type the following command to enable the information center:

    info-center enable

  4. Type the following command to send informational level log messages to the default channel:

    info-center source default channel loghost log level informational debug state off trap state off

  5. Optional: To verify your Huawei S Series Switch source configuration, type the following command:

    display channel loghost

  6. Type the following command to configure the IP address for QRadar as the log host for your switch:

    info-center loghost <IP address> facility <local>

    Where:

    • <IP address> is the IP address of the QRadar Console or Event Collector.
    • <local> is the syslog facility, for example, local0.

    For example:

    info-center loghost <IP_address> facility local0

  7. Type the following command to exit the configuration:

    quit

    The configuration is complete. You can verify events that are forwarded to QRadar by viewing events on the Log Activity tab.
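
The following check is an added example, not part of the original procedure or of any Huawei or IBM tooling. It decodes the syslog `<PRI>` value at the start of lines captured on the log host and confirms that they carry the facility and maximum severity configured in steps 4 and 6. It assumes facility local0 and that each line begins with a standard `<PRI>` field; the sample lines and the function names are constructed for illustration.

```python
import re

# Syslog facility codes 16..23 map to local0..local7 (RFC 3164 / RFC 5424).
FACILITIES = {16 + i: f"local{i}" for i in range(8)}
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility_code, severity_code) from the leading <PRI>, or None."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23, severity 7
        return None
    return divmod(pri, 8)  # PRI = facility * 8 + severity


def check_line(line, expected_facility="local0", max_severity="informational"):
    """Classify one received line against the switch log host configuration."""
    decoded = decode_pri(line)
    if decoded is None:
        return "no-pri"
    facility, severity = decoded
    if FACILITIES.get(facility) != expected_facility:
        return "wrong-facility"
    if severity > SEVERITIES.index(max_severity):
        return "too-verbose"  # for example debug, which step 4 turns off
    return "ok"


# Constructed sample lines; the message text is a placeholder, not real switch output.
SAMPLE_LINES = [
    "<134>Jan  1 00:00:00 SW1 constructed informational message",
    "<131>Jan  1 00:00:01 SW1 constructed error message",
    "<135>Jan  1 00:00:02 SW1 constructed debug message",
    "<190>Jan  1 00:00:03 SW1 constructed message on local7",
    "Jan  1 00:00:04 SW1 constructed message without PRI",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(f"{check_line(sample):15} {sample}")
```

A result of `wrong-facility` points to a facility value in step 6 that differs from the one expected, and `too-verbose` indicates that debug messages are still reaching the log host.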