Configuring IBM DataPower to communicate with QRadar

To collect IBM® DataPower® events, configure your third-party system to send events to IBM QRadar®.

Before you begin

Review the DataPower logging documents to determine which logging configuration changes are appropriate for your deployment. See IBM Knowledge Center (https://www.ibm.com/docs/en/SS9H2Y_10cd/com.ibm.dp.doc/logtarget_logs.html).

Procedure

  1. Log in to your IBM DataPower system.
  2. In the search box on the left navigation menu, type Log Target.
  3. Select the matching result.
  4. Click Add.
  5. In the Main tab, type a name for the log target.
  6. From the Target Type list, select syslog.
  7. In the Local Identifier field, type an identifier to be displayed in the Syslog event payloads parameter on the QRadar user interface.
  8. In the Remote Host field, type the IP address or host name of your QRadar Console or Event Collector.
  9. In the Remote Port field, type 514.
  10. Under Event Subscriptions, add a base logging configuration with the following parameters:
    Parameter Value
    Event Category all
    Minimum Event Priority warning
    Important: To prevent a decrease in system performance, do not use more than one word for the Minimum Event Priority parameter.
  11. Apply the changes to the log target.
  12. Review and save the configuration changes.