To collect events, configure a syslog server on your Juniper WLC system to forward syslog
events to IBM®
QRadar®.
Procedure
-
Log in to the command-line interface of the Juniper WLC appliance.
-
To configure a syslog server, type the following command:
set log server <ip-addr> [port 514 severity <severity-level> local-facility
<facility-level>]
Example:
set log server 1.1.1.1 port 514 severity error local-facility local0.
-
To save the configuration, type the following command:
save configuration
As events are generated by the Juniper WLC appliance, they are forwarded to the syslog
destination you specified. The log source is automatically discovered after enough events are
forwarded to QRadar. It
typically takes a minimum of 25 events to automatically discover a log source.
What to do next
Administrators can log in to the QRadar
Console and verify that the log source
is created. The Log Activity tab displays events from the Juniper WLC
appliance.