The Open LDAP DSM for IBM® QRadar® accepts UDP Multiline syslog events from Open LDAP installations that are configured to log stats events by using logging
Open LDAP events are forwarded to QRadar by using port 514. The events must be redirected to the port that is configured for the UDP Multiline syslog protocol. QRadar does not support UDP Multiline syslog on the standard listen port 514.
UDP Multiline Syslog events can be assigned to any available port that is not in use, other than port 514. The default port that is assigned to the UDP Multiline Syslog protocol is port 517. If port 517 is already being used in your network, see the QRadar port usage topic in the QRadar Administration Guide or the IBM Knowledge Center for a list of ports that are used by QRadar.
Important: Forward the UDP Multiline syslog events directly to the chosen port (default 517) from your Open LDAP device. If you can't send events to this port directly, you can use the backup method of configuring IPtables for UDP Multiline Syslog events.
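
A check for the direct-forwarding requirement above, as an added example that is not part of the IBM documentation. It assumes the Open LDAP host forwards with rsyslog's legacy `selector @host:port` syntax and that slapd logs to its default `local4` facility; the host name and sample configurations are constructed.

```python
import re

MULTILINE_PORT = 517  # default UDP Multiline Syslog port named on this page
STANDARD_PORT = 514   # QRadar does not accept UDP Multiline syslog on this port

# Legacy rsyslog forwarding action: "selector @host[:port]" is UDP, "@@" is TCP.
FORWARD_RE = re.compile(
    r'^(?P<selector>\S+)\s+(?P<at>@{1,2})(?P<host>[^:\s@]+)(?::(?P<port>\d+))?\s*$'
)

def check_forwarding(config_text, qradar_host, port=MULTILINE_PORT):
    """Return (line_number, problem) tuples for local4 forwarding rules
    aimed at qradar_host. An empty list means the rules look correct."""
    findings = []
    seen = False
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()  # drop comments
        m = FORWARD_RE.match(line)
        if not m or m['host'] != qradar_host:
            continue
        # Only simple selectors are handled: "local4.<prio>" or "*.<prio>".
        if not m['selector'].startswith(('local4.', '*.')):
            continue
        seen = True
        # rsyslog sends to 514 when the action names no port.
        dest = int(m['port']) if m['port'] else STANDARD_PORT
        if m['at'] == '@@':
            findings.append((n, 'TCP forwarding; UDP Multiline syslog expects UDP'))
        if dest == STANDARD_PORT:
            findings.append((n, 'sent to port 514, which does not accept UDP Multiline syslog'))
        elif dest != port:
            findings.append((n, f'sent to port {dest}, expected {port}'))
    if not seen:
        findings.append((0, 'no local4 forwarding rule found for this host'))
    return findings

# Constructed sample configurations (not taken from a real system).
SAMPLE_BAD = """\
# constructed example
local4.*    @qradar.example.test
local4.*    @@qradar.example.test:517
"""
SAMPLE_GOOD = "local4.*    @qradar.example.test:517\n"

if __name__ == '__main__':
    for lineno, problem in check_forwarding(SAMPLE_BAD, 'qradar.example.test'):
        print(f'line {lineno}: {problem}')
```

Pass `port=` when the UDP Multiline Syslog protocol is assigned to a port other than 517.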