Configuring a DCN DCS/DCRS Series Switch

To collect events, you must configure your DCN DCS/DCRS Series switch in IBM® QRadar®.

Procedure

  1. Log in to your DCN DCS/DCRS Series Switch command-line interface (CLI).
  2. Type the following command to access the administrative mode:

    enable

  3. Type the following command to access the global configuration mode:

    config

    The command-line interface displays the configuration mode prompt:

    Switch(Config)#

  4. Type the following command to configure a log host for your switch:

    logging <IP address> facility <local> severity <level>

    Where:

    • <IP address> is the IP address of the QRadar Console.
    • <local> is the syslog facility, for example, local0.
    • <level> is the severity of the syslog events, for example, informational. If you specify a value of informational, you forward all information level events and later (more severe), such as, notifications, warnings, errors, critical, alerts, and emergencies.
    For example,

    logging <IP_address> facility local0 severity informational

  5. Type the following command to save your configuration changes:

    write

    The configuration is complete. You can verify the events that are forwarded to QRadar by viewing events in the Log Activity tab.