To forward syslog events to IBM
QRadar, you must configure your
Huawei S Series Switch as an information center, then configure a log host.
About this task
The log host that you create for your Huawei S Series Switch can forward events to your QRadar
Console or an Event Collector.
Procedure
-
Log in to your Huawei S Series Switch command line Interface (CLI).
-
Type the following command to access the system view:
-
Type the following command to enable the information center:
-
Type the following command to send informational level log messages to the default
channel:
info-center source default channel loghost log level informational debug state off trap
state off
- Optional:
To verify your Huawei S Series Switch source configuration, type the command:
-
Type the following command to configure the IP address for QRadar as the log host for your
switch:
info-center loghost <IP address> facility
<local>
Where:
- <IP address> is the IP address of the QRadar
Console or Event Collector.
- <local> is the syslog facility, for example, local0.
For example,
info-center loghost <IP_address> facility local0
-
Type the following command to exit the configuration:
quit
The configuration is complete. You can verify events that are forwarded to QRadar by viewing events on the
Log Activity tab.