Nortel VPN Gateway

The IBM® QRadar® Nortel VPN Gateway DSM accepts events by using syslog.

About this task

QRadar records all relevant operating system (OS), system control, traffic processing, startup, configuration reload, AAA, and IPsec events. Before you configure a Nortel VPN Gateway device in QRadar, you must configure your device to send syslog events to QRadar.

To configure the device to send syslog events to QRadar:

Procedure

  1. Log in to the Nortel VPN Gateway command-line interface (CLI).
  2. Type the following command:

    /cfg/sys/syslog/add

  3. At the prompt, type the IP address of your QRadar system:

    Enter new syslog host: <IP address>

    Where <IP address> is the IP address of your QRadar system.

  4. Apply the configuration:

    apply

  5. View all syslog servers currently added to your system configuration:

    /cfg/sys/syslog/list

    You can now configure the log source in QRadar.

  6. To configure QRadar to receive events from a Nortel VPN Gateway device: From the Log Source Type list, select the Nortel VPN Gateway option.