Configuring Cisco IOS to forward events
You can configure a Cisco IOS-based device to forward events.
About this task
Take the following steps to configure your Cisco device:
- Log in to your Cisco IOS Server, switch, or router.
Type the following command to log in to the router in privileged-exec:
Type the following command to switch to configuration mode:
Type the following commands:
logging <IP address>
logging source-interface <interface>
<IP address> is the IP address of the IBM® QRadar® host and the SIM components.
<interface> is the name of the interface, for example, dmz, lan, ethernet0, or ethernet1.
Type the following commands to configure the priority level:
logging trap warning
logging console warning
Where warning is the priority setting for the logs.
Configure the syslog facility:
logging facility syslog
- Save and exit the file.
Copy the running-config to startup-config by typing the following command:
copy running-config startup-config
You are now ready to configure the log source in QRadar.
The configuration is complete. The log source is added to QRadar as Cisco IOS events are automatically discovered. Events that are forwarded to QRadar by Cisco IOS-based devices are displayed on the Log Activity tab of QRadar.
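To confirm that a saved configuration still carries the logging settings from the steps above, the following check can be run against the output of show running-config. It is an added example, not part of the original documentation: the function name audit_logging, the collector address 192.0.2.10, and both configuration excerpts are constructed for illustration.

```python
import re

# Constructed excerpts of `show running-config` output (not from a real device).
GOOD_CONFIG = """\
logging trap warnings
logging console warnings
logging facility syslog
logging source-interface Ethernet0
logging host 192.0.2.10
"""
DRIFTED_CONFIG = """\
logging trap debugging
logging console warnings
logging facility local7
logging host 192.0.2.10
"""

def audit_logging(config_text, collector_ip):
    """Return findings for the settings the procedure applies; [] means all present."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    findings = []

    # Assumption: some IOS releases display the destination as "logging host <ip>".
    host_re = re.compile(r"logging (?:host )?" + re.escape(collector_ip) + r"(?:\s|$)")
    if not any(host_re.match(ln) for ln in lines):
        findings.append(f"no logging destination {collector_ip}")

    if not any(re.match(r"logging source-interface \S+", ln) for ln in lines):
        findings.append("logging source-interface not set")

    # Assumption: the level may be stored as "warnings"; both spellings pass.
    for target in ("trap", "console"):
        levels = [m.group(1) for ln in lines
                  if (m := re.match(rf"logging {target} (\S+)", ln))]
        if not levels:
            findings.append(f"logging {target} level not set explicitly")
        elif not levels[-1].startswith("warning"):
            findings.append(f"logging {target} is {levels[-1]}, expected warning")

    if "logging facility syslog" not in lines:
        findings.append("logging facility is not syslog")
    return findings

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("drifted", DRIFTED_CONFIG)):
        print(name, audit_logging(cfg, "192.0.2.10") or "OK")
```

An empty result means the device is set up to send to the expected QRadar host with the priority and facility given in the procedure; any finding points at the step to repeat.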