Cisco VPN 3000 Concentrator

The IBM® QRadar® DSM for Cisco VPN 3000 Concentrator accepts Cisco VPN Concentrator events by using syslog.

About this task

QRadar records all relevant events. Before you can integrate with a Cisco VPN Concentrator, you must configure your device to forward syslog events to QRadar.

Procedure

  1. Log in to the Cisco VPN 3000 Concentrator command-line interface (CLI).
  2. Type the following command to add a syslog server to your configuration:

    set logging server <IP address>

    Where <IP address> is the IP address of QRadar or your Event Collector.

  3. Type the following command to enable system messages to be logged to the configured syslog servers:

    set logging server enable

  4. Set the facility and severity level for syslog server messages:
    • set logging server facility <server_facility_parameter>

    • set logging server severity <server_severity_level>

Results

Cisco VPN Concentrator events are automatically discovered, and the log source is added to QRadar. Events that are forwarded to QRadar are displayed on the Log Activity tab of QRadar.
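
To check that the facility and severity set in step 4 are what actually arrives, the following added example (not part of the IBM documentation) decodes the syslog `<PRI>` header of captured lines and reports any that do not match. The sample lines, the `local7` facility and the `notice` level are constructed values, and the code assumes that the severity setting acts as a threshold.

```python
import re

# Standard syslog facility and severity names, indexed by numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emergency", "alert", "critical", "error", "warning", "notice",
              "informational", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) names, or None if the line has no valid
    <PRI> header. PRI = facility * 8 + severity, so the maximum is 191."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return FACILITIES[facility], SEVERITIES[severity]

def audit(lines, expected_facility, configured_severity):
    """List (line number, reason) for lines that do not match the settings.
    Assumption: severity is a threshold, so events less severe (numerically
    higher) than configured_severity should not arrive."""
    limit = SEVERITIES.index(configured_severity)
    findings = []
    for n, line in enumerate(lines, 1):
        decoded = decode_pri(line)
        if decoded is None:
            findings.append((n, "no valid PRI header"))
        elif decoded[0] != expected_facility:
            findings.append((n, "facility " + decoded[0]))
        elif SEVERITIES.index(decoded[1]) > limit:
            findings.append((n, "severity " + decoded[1]))
    return findings

# Constructed sample lines; only the <PRI> header matters, the text is made up.
SAMPLE = [
    "<189>constructed message A",   # 23*8 + 5 -> local7.notice
    "<190>constructed message B",   # 23*8 + 6 -> local7.informational
    "<165>constructed message C",   # 20*8 + 5 -> local4.notice
    "constructed message without a header",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "local7", "notice"):
        print(finding)
```

Lines that arrive with an unexpected facility usually mean another device is sending to the same collector address, or that step 4 was not applied.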