Before you configure a Cisco CatOS device in IBM QRadar, you must configure your device to forward syslog events.
Procedure
- Log in to your Cisco CatOS user interface.
- Type the following command to access privileged EXEC mode:
- Configure the system to timestamp messages:
  set logging timestamp enable
- Type the following command with the IP address of IBM QRadar:
  set logging server <IP address>
- Limit messages that are logged by selecting a severity level:
  set logging server severity <server severity level>
- Configure the facility level to be used in the message. The default is local7.
  set logging server facility <server facility parameter>
- Enable the switch to send syslog messages to QRadar:
  set logging server enable
What to do next
You are now ready to configure the log source in QRadar.
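
To confirm that the facility and severity settings from the procedure took effect, the following added example (not part of the original documentation or of QRadar) decodes the syslog PRI header of received messages and flags any that do not match. The sample lines are constructed, and `max_severity` is assumed to be the numeric level set with `set logging server severity`, where higher numbers are less severe and should not be forwarded.

```python
import re

# Standard syslog facility codes for local0..local7.
FACILITIES = {f"local{i}": 16 + i for i in range(8)}
PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility_code, severity) from a raw syslog line, or None."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI value
        return None
    return divmod(pri, 8)  # PRI = facility * 8 + severity


def audit(lines, facility="local7", max_severity=6):
    """Flag lines whose PRI disagrees with the switch's configured settings."""
    want = FACILITIES[facility]
    findings = []
    for n, line in enumerate(lines, 1):
        decoded = decode_pri(line)
        if decoded is None:
            findings.append((n, "missing or invalid PRI"))
            continue
        fac, sev = decoded
        if fac != want:
            findings.append((n, f"facility {fac}, expected {want} ({facility})"))
        elif sev > max_severity:
            findings.append((n, f"severity {sev} exceeds configured limit {max_severity}"))
    return findings


# Constructed sample datagrams (not captured from a real switch).
SAMPLE = [
    "<189>2024 Jan 10 08:15:02 %SYS-5-EXAMPLE:constructed message",  # local7.notice
    "<187>2024 Jan 10 08:15:09 %SYS-3-EXAMPLE:constructed message",  # local7.error
    "<191>2024 Jan 10 08:15:11 %SYS-7-EXAMPLE:constructed message",  # local7.debug
    "<133>2024 Jan 10 08:15:20 %SYS-5-EXAMPLE:constructed message",  # local0.notice
    "2024 Jan 10 08:15:31 %SYS-5-EXAMPLE:constructed, no PRI header",
]

if __name__ == "__main__":
    for lineno, problem in audit(SAMPLE):
        print(f"line {lineno}: {problem}")
```

A facility mismatch usually means the collector is receiving events from a device that was not configured with this procedure, or that the facility parameter on the switch differs from what the log source expects.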