Configuring remote syslog for SMS

To configure SMS, you must enable and configure your TippingPoint device to send events to a remote host by using syslog.

Before you begin

TippingPoint SMS V5.2.0 is supported in IBM QRadar.

Procedure

  1. Log in to the TippingPoint system.
  2. On the Admin Navigation menu, select Server Properties.
  3. Select the Management tab.
  4. Click Add.

    The Edit Syslog Notification window is displayed.

  5. Select the Enable check box.
  6. Configure the following values:
    1. Syslog Server - Type the IP address of the QRadar system that receives syslog event messages.
    2. Port - Type 514 as the port number.
    3. Log Type - Select SMS 2.0 / 2.1 Syslog format from the list.
    4. Facility - Select Log Audit from the list.
    5. Severity - Select Severity in Event from the list.
    6. Delimiter - Select TAB as the delimiter for the generated logs.
    7. Include Timestamp in Header - Select Use original event timestamp.
    8. Select the Include SMS Hostname in Header check box.
    9. Click OK.

    You are now ready to configure the log source in QRadar.

  7. To configure QRadar to receive events from a TippingPoint device, select the TippingPoint Intrusion Prevention System (IPS) option from the Log Source Type list.

    For more information about your TippingPoint device, see your vendor documentation.
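
One way to confirm the settings above on the receiving side, as an added example that is not part of the original procedure or of IBM or TippingPoint code: the check decodes the syslog PRI to confirm the Log Audit facility (code 13) and verifies the header timestamp, the SMS hostname and the TAB delimiter. It assumes a BSD-style (RFC 3164) header layout; the function name, the host name and the sample lines are constructed for illustration.

```python
import re

LOG_AUDIT = 13  # standard syslog facility code for "log audit"

# Assumption: BSD-style header, "<PRI>Mmm dd hh:mm:ss HOSTNAME payload".
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<payload>.*)$",
    re.DOTALL,
)


def check_sms_line(line, expected_host=None):
    """Return a list of configuration problems found in one received line."""
    m = HEADER.match(line.rstrip("\r\n"))
    if m is None:
        return ["header is not '<PRI>timestamp hostname payload': check the "
                "timestamp and hostname header options"]
    problems = []
    pri = int(m.group("pri"))
    facility, _severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    if pri > 191:
        problems.append(f"PRI {pri} is outside the valid range 0-191")
    elif facility != LOG_AUDIT:
        problems.append(f"facility is {facility}, expected {LOG_AUDIT} (Log Audit)")
    if expected_host and m.group("host") != expected_host:
        problems.append(f"header hostname is {m.group('host')!r}")
    if "\t" not in m.group("payload"):
        problems.append("payload is not TAB-delimited")
    return problems


# Constructed sample lines (not real SMS output); payload fields are placeholders.
GOOD = "<109>Mar  4 10:15:02 sms01.example.test 7\t1\tfield-a\tfield-b"
WRONG = "<134>Mar  4 10:15:02 sms01.example.test 7|1|field-a|field-b"
NO_HEADER = "<109>7\t1\tfield-a\tfield-b"

if __name__ == "__main__":
    for sample in (GOOD, WRONG, NO_HEADER):
        print(check_sms_line(sample, "sms01.example.test") or "ok")
```

Run it against lines captured on the QRadar side after step 6; an empty list means the facility, header and delimiter settings took effect.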