Configuring the logged events custom script

To configure which events are logged by your Nokia Firewall and forwarded to IBM QRadar, you must configure a custom script for your Nokia Firewall.

Procedure

  1. Using SSH, log in to Nokia Firewall as an administrative user.

    If you cannot connect to your Nokia Firewall, check that SSH is enabled. You must enable the command-line by using the Nokia Voyager web interface or connect directly by using a serial connection. For more information, see your Nokia Voyager documentation.

  2. Type the following command to edit your Nokia Firewall rc.local file:

    vi /var/etc/rc.local

  3. Add the following command to your rc.local file:

    $FWDIR/bin/fw log -ftn | /bin/logger -p local1.info &

  4. Save the changes to your rc.local file.

    The terminal is displayed.

  5. To begin logging immediately, type the following command:

    nohup $FWDIR/bin/fw log -ftn | /bin/logger -p local1.info &

    You can now configure the log source in QRadar.