To configure SMS you must enable and configure your TippingPoint device to send events to
a remote host by using syslog.
Before you begin
TippingPoint SMS V5.2.0 is supported in IBM QRadar.
Procedure
- Log in to the TippingPoint system.
- On the Admin Navigation menu, select Server Properties.
- Select the Management tab.
- Click Add. The Edit Syslog Notification window is displayed.
- Select the Enable check box.
- Configure the following values:
  - Syslog Server - Type the IP address of the QRadar host that receives the syslog event messages.
  - Port - Type 514 as the port address.
  - Log Type - Select SMS 2.0 / 2.1 Syslog format from the list.
  - Facility - Select Log Audit from the list.
  - Severity - Select Severity in Event from the list.
  - Delimiter - Select TAB as the delimiter for the generated logs.
  - Include Timestamp in Header - Select Use original event timestamp.
- Select the Include SMS Hostname in Header check box.
- Click OK.
- You are now ready to configure the log source in QRadar.
- To configure QRadar to receive events from a TippingPoint device: From the Log Source Type list, select the TippingPoint Intrusion Prevention System (IPS) option.
For more information about your TippingPoint device, see your vendor documentation.
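The following check is an added example, not part of the vendor or QRadar documentation. It inspects one captured syslog datagram and reports which of the settings in the procedure (Log Audit facility, timestamp and SMS hostname in the header, TAB delimiter) do not appear to be in effect. It assumes a BSD syslog (RFC 3164) header layout; the function name and sample messages are constructed for illustration.

```python
import re

# Assumption: the header follows the BSD syslog (RFC 3164) layout
# "<PRI>Mmm dd hh:mm:ss hostname payload". Payload field names are not
# taken from SMS documentation; only the TAB delimiter is checked.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<payload>.*)$",
    re.DOTALL,
)
LOG_AUDIT = 13  # syslog facility code for "log audit"


def check_sms_syslog(datagram: bytes) -> list[str]:
    """Return a list of problems; an empty list means the settings look right."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    m = HEADER.match(text)
    if m is None:
        return ["no '<PRI>timestamp hostname' header: check Include Timestamp "
                "in Header and Include SMS Hostname in Header"]
    problems = []
    # PRI encodes facility * 8 + severity.
    facility, _severity = divmod(int(m["pri"]), 8)
    if facility != LOG_AUDIT:
        problems.append(f"facility {facility}, expected {LOG_AUDIT} (Log Audit)")
    if "\t" not in m["payload"]:
        problems.append("payload is not TAB-delimited: check the Delimiter setting")
    return problems


# Constructed samples (not real SMS output). 109 = 13 * 8 + 5.
GOOD = b"<109>Jan 15 10:22:31 sms-01 7\t1\tconstructed-filter\t192.0.2.10\t198.51.100.7"
# 133 = 16 * 8 + 5 (facility local0), comma-delimited payload.
BAD = b"<133>Jan 15 10:22:31 sms-01 7,1,constructed-filter,192.0.2.10"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_sms_syslog(sample) or "ok")
```

Feed it the UDP payload of a packet captured on port 514 from the SMS address before you create the log source; an empty result means the header and delimiter match what the procedure configures.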