Configuring Epic SIEM 2014 to communicate with QRadar
To collect syslog events from Epic SIEM 2014, you must add an external syslog server for the IBM® QRadar® host.
- If all web services are not enabled for your instance of
Interconnect, complete the following steps to run the required SendSIEMSyslogAudit service:
- To access the Interconnect Configuration Editor, click .
- In the Configuration Editor, select the Business Services form.
- On the Service Category tab, click SendSIEMSyslogAudit.
- Click Save
- Log in to your Epic server.
- Click .
- Use the following table to configure the parameters:
Parameter Description SIEM Host The host name or IP address of the QRadar appliance. SIEM Port 514 SIEM Format LEEF (Log Event Extended Format).
- From the SIEM Syslog Settings menu,
click SIEM Syslog and set it to enabled.
The SIEM Syslog Sending daemon is automatically started when the environment is set to runlevel Up or when you enable SIEM Syslog.
- If you want to stop the daemon, from the SIEM
Syslog Settings menu, click SIEM Syslog and
set it to disabled. Important: If you stop the daemon when the syslog setting is enabled, the system continues to log data without purging. If you want to stop the daemon when the syslog setting is enabled, contact your Epic representative or your system administrator.