Configuring your VMware vShield system for communication with IBM QRadar

To collect all audit logs and system events from VMware vShield, you must configure the vShield Manager. When you configure VMware vShield, you must specify IBM QRadar as the syslog server.

Procedure

  1. Access your vShield Manager inventory pane.
  2. Click Settings & Reports.
  3. Click Configuration > General.
  4. Click Edit next to the Syslog Server option.
  5. Type the IP address of your QRadar Console.
  6. Optional: Type the port for your QRadar Console. If you do not specify a port, the default UDP port for the IP address/host name of your QRadar Console is used.
  7. Click OK.