Cisco VPN 3000 Concentrator

The IBM® QRadar® DSM for Cisco VPN 3000 Concentrator accepts Cisco VPN Concentrator events by using syslog.

About this task

QRadar records all relevant events. Before you can integrate with a Cisco VPN concentrator, you must configure your device to forward syslog events to QRadar.


  1. Log in to the Cisco VPN 3000 Concentrator command-line interface (CLI).
  2. Type the following command to add a syslog server to your configuration:

    set logging server <IP address>

    Where <IP address> is the IP address of QRadar or your Event Collector.

  3. Type the following command to enable system messages to be logged to the configured syslog servers:

    set logging server enable

  4. Set the facility and severity level for syslog server messages:
    • set logging server facility <server_facility_parameter>

    • set logging server severity <server_severity_level>


The log source is added to QRadar as Cisco VPN Concentrator events are automatically discovered. Events that are forwarded to QRadar are displayed on the Log Activity tab of QRadar.