Configuring a syslog server with the command-line interface for Juniper WLC

To collect events, configure a syslog server on your Juniper WLC system to forward syslog events to IBM® QRadar®.


  1. Log in to the command-line interface of the Juniper WLC appliance.
  2. To configure a syslog server, type the following command:

    set log server <ip-addr> [port 514 severity <severity-level> local-facility <facility-level>]


    set log server port 514 severity error local-facility local0.

  3. To save the configuration, type the following command:

    save configuration

    As events are generated by the Juniper WLC appliance, they are forwarded to the syslog destination you specified. The log source is automatically discovered after enough events are forwarded to QRadar. It typically takes a minimum of 25 events to automatically discover a log source.

What to do next

Administrators can log in to the QRadar Console and verify that the log source is created. The Log Activity tab displays events from the Juniper WLC appliance.