Configuring Syslog for your Bridgewater Systems Device

You must configure your Bridgewater Systems appliance to send syslog events to IBM® QRadar®.

Procedure

  1. Log in to your Bridgewater Systems device command-line interface (CLI).
  2. To log operational messages to the RADIUS and Diameter servers, open the following file:

    /etc/syslog.conf

  3. To log all operational messages, uncomment the following line:

    local1.info /WideSpan/logs/oplog

  4. To log error messages only, change the local1.info /WideSpan/logs/oplog line to the following line:

    local1.err /WideSpan/logs/oplog

    Note: RADIUS and Diameter system messages are stored in the /var/adm/messages file.
  5. Add the following line:

    local1.* @<IP address>

    Where <IP address> is the IP address of your QRadar Console.

  6. The RADIUS and Diameter server system messages are stored in the /var/adm/messages file. Add the following line for the system messages:

    <facility>.* @<IP address>

    Where:

    <facility> is the facility that is used for logging to the /var/adm/messages file.

    <IP address> is the IP address of your QRadar Console.

  7. Save and exit the file.
  8. Send a hang-up signal to the syslog daemon to make sure that all changes are enforced:

    kill -HUP `cat /var/run/syslog.pid`

    The configuration is complete. The log source is added to QRadar as Bridgewater Systems appliance events are automatically discovered. Events that are forwarded to QRadar by your Bridgewater Systems appliance are displayed on the Log Activity tab.
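
To confirm the edits from steps 5 and 6 before you send the hang-up signal, you can audit the file with a check like the following. This is an added example, not part of the IBM procedure: the function name check_syslog_forwarding is hypothetical, and it assumes a POSIX shell with awk on the appliance. It looks only for the exact <facility>.* rule form shown above and reports any line where the selector and the @<IP address> action are run together.

```shell
#!/bin/sh
# Added example (not vendor code): audit a syslog.conf for the forwarding
# rules described in steps 5 and 6.
# Usage: check_syslog_forwarding <conf-file> <facility> <QRadar-Console-IP>
# Prints one finding per line. Returns 0 only when an uncommented
# "<facility>.*  @<IP>" rule exists and no forwarding line is malformed.
check_syslog_forwarding() {
    awk -v fac="$2" -v ip="$3" '
        /^[ \t]*(#|$)/ { next }        # skip commented-out and blank lines
        {
            # A rule is "selector<whitespace>action". An "@" inside the
            # first field means the separator is missing, so the daemon
            # cannot parse the line and nothing is forwarded.
            if ($1 ~ /@/) {
                printf "line %d: no whitespace before @: %s\n", NR, $0
                bad = 1
                next
            }
            # Forwarding action to the expected collector address.
            if ($2 == "@" ip) {
                n = split($1, sels, ";")   # selectors may be ;-separated
                for (i = 1; i <= n; i++)
                    if (sels[i] == fac ".*") found = 1
            }
        }
        END {
            if (!found) {
                print "no rule forwards " fac ".* to " ip
                bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Run directly, for example (192.0.2.10 is a constructed sample address):
#   sh check.sh /etc/syslog.conf local1 192.0.2.10
if [ $# -eq 3 ]; then
    check_syslog_forwarding "$1" "$2" "$3"
fi
```

A zero exit status with no output means the rule is present and well formed; run it once for local1 and once for the facility used for /var/adm/messages.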