To configure which events are logged by your Nokia Firewall and forwarded to IBM
QRadar, you must configure a
custom script for your Nokia Firewall.
Procedure
-
Using SSH, log in to Nokia Firewall as an administrative user.
If you cannot connect to your Nokia Firewall, check that SSH is enabled. You must enable the
command-line by using the Nokia Voyager web interface or connect directly by using a serial
connection. For more information, see your Nokia Voyager documentation.
-
Type the following command to edit your Nokia Firewall rc.local
file:
-
Add the following command to your rc.local file:
$FWDIR/bin/fw log -ftn | /bin/logger -p local1.info &
-
Save the changes to your rc.local file.
The terminal is displayed.
-
To begin logging immediately, type the following command:
nohup $FWDIR/bin/fw log -ftn | /bin/logger -p local1.info &
You can now configure the log source in QRadar.