Configuring Cisco Pix to forward events

You can configure Cisco Pix to forward events.

Procedure

  1. Log in to your Cisco PIX appliance by using a console connection, telnet, or SSH.
  2. Type the following command to access Privileged mode:

    enable

  3. Type the following command to access Configuration mode:

    conf t

  4. Enable logging and time stamp the logs:

    logging on

    logging timestamp

  5. Set the log level:

    logging trap warning

  6. Configure logging to IBM® QRadar®:

    logging host <interface> <IP address>

    Where:

    • <interface> is the name of the interface, for example, DMZ, LAN, ethernet0, or ethernet1.

    • <IP address> is the IP address of the QRadar host.

    The configuration is complete. The log source is added to QRadar as Cisco Pix Firewall events are automatically discovered. Events that are forwarded to QRadar by Cisco Pix Firewalls are displayed on the Log Activity tab of QRadar.