Cisco VPN 3000 Concentrator
The IBM® QRadar® DSM for Cisco VPN 3000 Concentrator accepts Cisco VPN Concentrator events by using syslog.
About this task
QRadar records all relevant events. Before you can integrate with a Cisco VPN concentrator, you must configure your device to forward syslog events to QRadar.
- Log in to the Cisco VPN 3000 Concentrator command-line interface (CLI).
- Type the following command to add a syslog server to your
set logging server <IP address>
Where <IP address> is the IP address of QRadar or your Event Collector.
- Type the following command to enable system messages to
be logged to the configured syslog servers:
set logging server enable
- Set the facility and severity level for syslog server messages:
set logging server facility <server_facility_parameter>
set logging server severity <server_severity_level>
The log source is added to QRadar as Cisco VPN Concentrator events are automatically discovered. Events that are forwarded to QRadar are displayed on the Log Activity tab of QRadar.