Configuring syslog forwarding for Cisco CatOS devices

Before you configure a Cisco CatOS device in IBM QRadar, you must configure your device to forward syslog events.

Procedure

  1. Log in to your Cisco CatOS user interface.
  2. Type the following command to access privileged EXEC mode:

    enable

  3. Configure the system to timestamp messages:

    set logging timestamp enable

  4. Type the following command with the IP address of IBM QRadar:

    set logging server <IP address>

  5. Limit messages that are logged by selecting a severity level:

    set logging server severity <server severity level>

  6. Configure the facility level to be used in the message. The default is local7.

    set logging server facility <server facility parameter>

  7. Enable the switch to send syslog messages to QRadar:

    set logging server enable
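
To confirm on the receiving side that forwarded events carry the facility and severity set in steps 5 and 6, decode the syslog priority value (facility x 8 + severity) at the start of each message. The following Python check is an added example, not part of the IBM or Cisco documentation; the function names, the severity threshold of 6, and the sample lines are assumptions constructed for illustration.

```python
import re

# Standard syslog facility codes; local7 (23) is the CatOS default named in step 6.
FACILITIES = {f"local{i}": 16 + i for i in range(8)}
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility_code, severity) from the leading <PRI>, or None if invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid priority value
        return None
    return divmod(pri, 8)

def check_events(lines, facility="local7", max_severity=6):
    """Sort received lines by whether they match the switch's logging settings."""
    want = FACILITIES[facility]
    report = {"ok": [], "wrong_facility": [], "too_verbose": [], "malformed": []}
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            report["malformed"].append(line)
        elif decoded[0] != want:
            report["wrong_facility"].append(line)
        elif decoded[1] > max_severity:  # higher number = less severe
            report["too_verbose"].append(line)
        else:
            report["ok"].append(line)
    return report

# Constructed sample messages; bodies are illustrative, not captured from a device.
SAMPLE = [
    "<189>2024 Jan 10 09:15:02 %SYS-5-MOD_OK:Module 1 is online",     # local7, severity 5
    "<191>2024 Jan 10 09:15:03 %SYS-7-DEBUG:constructed debug line",  # local7, severity 7
    "<133>2024 Jan 10 09:15:04 %SYS-5-MOD_OK:Module 2 is online",     # local0, severity 5
    "2024 Jan 10 09:15:05 line without a priority header",
]

if __name__ == "__main__":
    for bucket, matched in check_events(SAMPLE, "local7", 6).items():
        print(f"{bucket}: {len(matched)}")
```

Lines in the wrong_facility or too_verbose buckets indicate that the facility or severity on the switch differs from what the check expects.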

What to do next

You are now ready to configure the log source in QRadar.