Configuring notification contacts for LSM

If you are using an LSM device, you need to configure LSM notification contacts.

Procedure

  1. Log in to the TippingPoint system.
  2. From the LSM menu, select IPS > Action Sets.

    The IPS Profile - Action Sets window is displayed.

  3. Click the Notification Contacts tab.
  4. In the Contacts List, click Remote System Log.

    The Edit Notification Contact page is displayed.

  5. Configure the following values:
    1. Syslog Server - Type the IP address of the QRadar system that receives the syslog event messages.
    2. Port - Type 514 as the port number.
    3. Alert Facility - Select none or a numeric value 0-31 from the list. Syslog uses these numbers to identify the message source.
    4. Block Facility - Select none or a numeric value 0-31 from the list. Syslog uses these numbers to identify the message source.
    5. Delimiter - Select TAB from the list.
    6. Click Add to table below.
    7. Configure a Remote system log aggregation period in minutes.
  6. Click Save.
    Note: If your QRadar is in a different subnet than your TippingPoint device, you might have to add static routes. For more information, see your vendor documentation.
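
To check the step 5 settings from the receiving side, the following added example (not part of the original procedure or of any vendor tooling) decodes the syslog priority header of a captured line and confirms that the body is TAB-delimited. It assumes each message starts with a standard `<PRI>` header; the facility values 16 and 17 and the sample lines are constructed for illustration and do not reflect the real TippingPoint field layout.

```python
import re

# Assumption: messages begin with a standard syslog "<PRI>" header,
# where PRI = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>")

def parse_syslog(line, delimiter="\t"):
    """Return (facility, severity, fields) for one raw syslog line."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing <PRI> header")
    pri = int(m.group(1))
    if pri > 255:  # highest PRI for facilities 0-31
        raise ValueError("PRI %d out of range" % pri)
    facility, severity = divmod(pri, 8)
    body = line[m.end():].rstrip("\r\n")
    return facility, severity, body.split(delimiter)

def check_message(line, expected_facilities, min_fields=2):
    """Return a list of mismatches against the configured contact settings."""
    try:
        facility, _severity, fields = parse_syslog(line)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if facility not in expected_facilities:
        problems.append("facility %d is not one of %s"
                        % (facility, sorted(expected_facilities)))
    if len(fields) < min_fields:
        problems.append("body is not TAB-delimited; check the Delimiter setting")
    return problems

# Hypothetical choices for Alert Facility and Block Facility.
EXPECTED = {16, 17}

# Constructed sample lines, not real device output.
SAMPLE_OK = "<132>field-a\tfield-b\tfield-c\n"   # 132 = 16 * 8 + 4
SAMPLE_BAD = "<36>field-a,field-b,field-c\n"     # facility 4, comma-separated

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(repr(sample), "->", check_message(sample, EXPECTED) or "ok")
```

Feed it lines taken from a packet capture or a raw payload export on the QRadar side, after replacing `EXPECTED` with the facility numbers you selected.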

What to do next

You are now ready to configure the action set for LSM. See Configuring an Action Set for LSM.