Configure IBM Security Access Manager for Mobile to send
audit logs to IBM®
QRadar® through
TLS syslog.
Before you begin
Ensure that IBM Security Access Manager for
Mobile has access to QRadar for
TLS syslog communication.
Procedure
- Select .
- Click the Syslog tab and enter the
information in the following table.
| Field |
Value |
|---|
| Enable audit log |
Click Enable audit log. |
| Enable verbose audit events |
Click Enable verbose audit events. Audit
events that are not verbose do not
contain the JSON payload, which contains details of user
activity.
|
| Location of syslog server |
Select On a remote server |
| Host |
The QRadar server
host name or IP. |
| Port |
The port number that you want to use for QRadar to
accept incoming TLS syslog events. |
| Protocol |
Select TLS |
| Certificate database (truststore) |
The truststore that validates the syslog server certificate.
|
| Enable client certificate
authentication
|
Click Enable client certificate authentication. The
client can do client certificate authentication
during the SSL handshake upon server request.
|
| Certificate database (keystore)
|
The keystore for client certificate authentication. |
| Certificate label |
The personal certificate for client certificate
authentication |
| Enable disk failover |
Clear Enable disk failover. |
- Click Save.
- Click Click here to review the changes or apply
them to the system to review pending
changes.
- Click Deploy Changes.
The runtime server restarts automatically if
any of the new changes require a restart.