Configuring Windows

To configure RSA Authentication Manager for syslog using Microsoft Windows.

Procedure

  1. Log in to the system that hosts your RSA Security Console.
  2. Open the following file for editing based on your operating system:

    /Program Files/RSASecurity/RSAAuthenticationManager/utils/ resources/ims.properties

  3. Add the following entries to the ims.properties file: 
    ims.logging.audit.admin.syslog_host = <IP address> 
ims.logging.audit.admin.use_os_logger = true 
ims.logging.audit.runtime.syslog_host = <IP address> 
ims.logging.audit.runtime.use_os_logger = true 
ims.logging.system.syslog_host = <IP address> 
ims.logging.system.use_os_logger = true

    Where <IP address> is the IP address or host name of QRadar.

  4. Save the ims.properties files.
  5. Restart RSA services.

    You are now ready to configure the log source in QRadar.

  6. To configure QRadar to receive events from your RSA Authentication Manager: From the Log Source Type list, select the RSA Authentication Manager option.

    For more information on configuring syslog forwarding, see your RSA Authentication Manager documentation.