To collect events from IBM® SAN Volume Controller, you must configure the IBM SAN Volume Controller (SVC) cluster to send events to QRadar® from a syslog server.
The SVC cluster uses rsyslogd 5.8.10 on a Linux® 6.4 based host.
Procedure
- Use SSH to log in to the SVC cluster command-line interface (CLI).
- Type the following command to configure a remote syslog server to send CADF events to QRadar:
  svctask mksyslogserver -ip <QRadar_Event_Collector_IP_Address> -error <on_or_off> -warning <on_or_off> -info <on_or_off> -cadf on
  The following example shows a command that is used to configure a remote syslog server to send CADF events:
  svctask mksyslogserver -ip 192.0.2.1 -error on -warning on -info on -cadf on
Note: The error and warning flags are CADF event types that SVC sends to syslog servers.