Integrating Nortel Switched Firewall by using syslog

This method ensures the IBM® QRadar® Nortel Switched Firewall 5100 DSM accepts events by using syslog.

About this task

To configure your Nortel Switched Firewall 5100:

Procedure

  1. Log in to your Nortel Switched Firewall device command-line interface (CLI).
  2. Type the following command:

    /cfg/sys/log/syslog/add

  3. Type the IP address of your QRadar system at the following prompt:

    Enter IP address of syslog server:

    A prompt is displayed to configure the severity level.

  4. Configure info as the severity level.

    For example:

    Enter minimum logging severity (emerg | alert | crit | err | warning | notice | info | debug): info

    A prompt is displayed to configure the facility.

  5. Configure auto as the local facility.

    For example, Enter the local facility (auto | local0-local7): auto

  6. Apply the configuration:

    apply

  7. Repeat for each firewall in your cluster.

    You are now ready to configure the log source in QRadar.

  8. Configure QRadar to receive events from a Nortel Switched Firewall 5100 device by using syslog: from the Log Source Type list, select the Nortel Switched Firewall 5100 option.
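
To confirm the outcome of the procedure above, a check like the following can be run over syslog datagrams captured on the QRadar side: it flags cluster members that sent nothing (step 7 missed) and events less severe than info (step 4 not applied). This is an added example, not part of the IBM documentation; it assumes the firewall sends a standard syslog PRI header (facility × 8 + severity), and the `decode_pri` and `audit` helpers, the cluster addresses, and the message text are constructed for illustration.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(message):
    """Return (facility_number, severity_name) from a syslog PRI header, or None."""
    match = PRI_RE.match(message)
    if not match or int(match.group(1)) > 191:   # 23 * 8 + 7 is the highest valid PRI
        return None
    pri = int(match.group(1))
    return pri // 8, SEVERITIES[pri % 8]

def audit(received, cluster, minimum="info"):
    """Return (silent_members, problems) for (source_ip, raw_message) pairs."""
    limit = SEVERITIES.index(minimum)
    senders, problems = set(), []
    for source, raw in received:
        senders.add(source)
        if source not in cluster:
            problems.append((source, "sender is not a listed cluster member"))
        decoded = decode_pri(raw)
        if decoded is None:
            problems.append((source, "no valid PRI header"))
        elif SEVERITIES.index(decoded[1]) > limit:
            # Less severe than the configured minimum: step 4 was not applied as written.
            problems.append((source, f"{decoded[1]} event below minimum {minimum}"))
    silent = sorted(set(cluster) - senders)      # step 7 missed on these firewalls
    return silent, problems

# Constructed sample data: documentation-range addresses and made-up message text.
CLUSTER = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]
RECEIVED = [
    ("192.0.2.11", "<134>Jan 10 10:00:01 fw1 constructed sample event"),
    ("192.0.2.11", "<132>Jan 10 10:00:05 fw1 constructed sample event"),
    ("192.0.2.12", "<143>Jan 10 10:00:07 fw2 constructed sample event"),
]

if __name__ == "__main__":
    silent, problems = audit(RECEIVED, CLUSTER)
    print("No events received from:", silent)
    for source, reason in problems:
        print(f"{source}: {reason}")
```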