Configuring Cisco Nexus to forward events

You can configure syslog on your Cisco Nexus server to forward events:

Procedure

  1. Type the following command to switch to configuration mode:

    config t

  2. Type the following commands:

    logging server <IP address> <severity>

    Where:

    • <IP address> is the IP address of your QRadar® Console.

    • <severity> is the severity level of the event messages, that range 0 - 7 in value.

    For example, logging server 192.0.2.1 6 forwards information level (6) syslog messages to 192.0.2.1.

  3. Type the following command to configure the interface for sending syslog events:

    logging source-interface loopback

  4. Type the following command to save your current configuration as the startup configuration:

    copy running-config startup-config

    The configuration is complete. The log source is added to IBM® QRadar as Cisco Nexus events are automatically discovered. Events that are forwarded to QRadar by Cisco Nexus are displayed on the Log Activity tab of QRadar.