The Tropos Control DSM for IBM QRadar accepts events by using syslog.
About this task
QRadar can record all fault management, login and logout events, provisioning events, and device image upload events. Before you configure QRadar, you must configure your Tropos Control to forward syslog events.
You can configure Tropos Control to forward logs by using syslog to QRadar.
Procedure
- Use SSH to log in to your Tropos Control device as a root user.
- Open the following file for editing:
  /opt/ControlServer/ems/conf/logging.properties
- To enable syslog, remove the comment marker (#) from the following line:
  #log4j.category.syslog = INFO, syslog
- To configure the IP address for the syslog destination, edit the following line:
  log4j.appender.syslog.SyslogHost = <IP address>
  Where <IP address> is the IP address or host name of QRadar.
  By default, Tropos Control uses a facility of USER and a default log level of INFO. These default settings are correct for syslog event collection from a Tropos Control device.
- Save and exit the file.
- You are now ready to configure the Tropos Control DSM in QRadar.
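A quick way to confirm that both edits took effect before moving on to QRadar. This is an added example, not part of the vendor procedure: the function names `prop_value` and `check_tropos_syslog` are hypothetical, and the sample file content is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not vendor code): confirm both logging.properties edits took effect.

# prop_value FILE KEY: print the value of an active (uncommented) property.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                      # commented-out lines do not count
        {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }    # last definition wins
        }
        END { if (!found) exit 1; print val }' "$1"
}

# check_tropos_syslog FILE: returns 0 only if the syslog category is enabled
# and SyslogHost holds a real destination rather than the <IP address> placeholder.
check_tropos_syslog() {
    rc=0
    if category=$(prop_value "$1" log4j.category.syslog); then
        case $category in
            *syslog*) echo "OK   log4j.category.syslog = $category" ;;
            *) echo "FAIL category lacks the syslog appender: $category"; rc=1 ;;
        esac
    else
        echo "FAIL log4j.category.syslog is missing or still commented out"; rc=1
    fi
    if host=$(prop_value "$1" log4j.appender.syslog.SyslogHost); then
        case $host in
            ''|*"<"*|*">"*) echo "FAIL SyslogHost is empty or a placeholder: '$host'"; rc=1 ;;
            *) echo "OK   log4j.appender.syslog.SyslogHost = $host" ;;
        esac
    else
        echo "FAIL log4j.appender.syslog.SyslogHost is not set"; rc=1
    fi
    return $rc
}

# Constructed sample: a file in which neither edit has been applied yet.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#log4j.category.syslog = INFO, syslog
log4j.appender.syslog.SyslogHost = <IP address>
EOF
check_tropos_syslog "$sample" || echo "logging.properties still needs editing"
rm -f "$sample"
```

On the Tropos Control device, run `check_tropos_syslog /opt/ControlServer/ems/conf/logging.properties` after saving the file.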
To configure QRadar to receive events from Tropos Control:
- From the Log Source Type list, select Tropos Control.