The Extreme NetSight Automatic Security Manager DSM for IBM
QRadar accepts events by using
syslog.
About this task
QRadar records all
relevant events. Before you configure an Extreme NetSight Automatic Security Manager device in QRadar, you must configure your
device to forward syslog events.
To
configure the device to send syslog events to QRadar:
Procedure
- Log in to the Automatic Security Manager user interface.
- Click the Automated Security Manager icon
to access the Automated Security Manager Configuration window.
Note: You can also access the Automated Security
Manager Configuration window from the Tool menu.
- From the left navigation menu, select Rule Definitions.
- Choose one of the following options:
If
a rule is configured, highlight the rule. Click Edit.
- To create a new rule, click Create.
- Select the Notifications check box.
- Click Edit.
The Edit
Notifications window is displayed.
- Click Create.
The Create
Notification window is displayed.
- Using the Type list, select Syslog.
- In the Syslog Server IP/Name field,
type the IP address of the device that receives syslog traffic.
- Click Apply.
- Click Close.
- In the Notification list, select
the notification that is configured.
- Click OK.
- You are now ready to configure the log source in QRadar.
To configure QRadar to
receive events from an Extreme NetSight Automatic Security Manager device, select Extreme
NetsightASM from the Log Source Type list.
For more information about your Extreme NetSight Automatic Security Manager device, see your
vendor documentation.