Enable syslog for the IBM® Security Access Manager for Enterprise Single Sign-On server
on the IBM Security Privileged Identity Manager virtual appliance.
Procedure
- Log on to the IBM Security Privileged Identity Manager virtual appliance command
line interface.
- In the command line interface, type update_syslog.
- Enable the syslog attributes. For example,
rwrangler.example.com:service_properties> update_syslog
Enable syslog
logSystemManagementActivity [true/false]: true
logUserAdminActivity [true/false]: true
logUserService [true/false]: true
logUserActivity [true/false]: true
Syslog server port: 514
Syslog server hostname: 10.1.13.127
Syslog logging facility:
Syslog field-separator: ###
Syslog settings will be updated.
Restart ISPIM to apply the new settings.
where:
- Enable syslog
  Type true for each of the categories.
- Syslog server port
  Specify the server port number that is used for forwarding
  events to QRadar. Specify 514.
- Syslog server hostname
  Specify the IP address or hostname of your QRadar Console
  or event collector.
- Syslog logging facility
  Specify the facility of the events forwarded to QRadar. Default
  value: 20.
- Syslog field-separator
  Specify the characters used to separate name-value pair entries
  in syslog payload.
- Restart the virtual appliance.
Results
The log source is added to QRadar. Syslog events are automatically
discovered. Events forwarded to QRadar are displayed on the
Log Activity tab.
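
To confirm on the receiving side that forwarded events carry the facility and field-separator configured above, the following added example (not part of the IBM documentation or product code) decodes the syslog PRI value and splits the payload on ###. The sample line, its header layout, the field names, and the name=value form of each entry are assumptions made for illustration.

```python
import re

FIELD_SEPARATOR = "###"   # value typed at the "Syslog field-separator" prompt
EXPECTED_FACILITY = 20    # default "Syslog logging facility" (local4)

# Constructed sample: the header layout, field names and name=value form are
# assumptions for illustration, not the documented ISPIM payload.
SAMPLE = ("<166>Jan 12 10:15:02 ispim01 category=logUserActivity"
          "###user=jdoe###action=logon###result=success")

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
FIRST_PAIR_RE = re.compile(r"[A-Za-z_]\w*=")


def decode_pri(pri):
    """Return (facility, severity); syslog defines PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return divmod(pri, 8)


def parse_event(line, separator=FIELD_SEPARATOR):
    """Parse one received line into facility, severity and name-value fields."""
    match = PRI_RE.match(line.strip())
    if not match:
        raise ValueError("line does not start with a syslog <PRI> value")
    facility, severity = decode_pri(int(match.group(1)))
    rest = match.group(2)
    # Assumption: the payload starts at the first name=value token.
    start = FIRST_PAIR_RE.search(rest)
    payload = rest[start.start():] if start else ""
    fields, malformed = {}, []
    for entry in filter(None, payload.split(separator)):
        name, eq, value = entry.partition("=")
        if eq and name.strip():
            fields[name.strip()] = value.strip()
        else:
            malformed.append(entry)  # entry lacks the name=value form
    return {"facility": facility, "severity": severity,
            "facility_ok": facility == EXPECTED_FACILITY,
            "fields": fields, "malformed": malformed}


if __name__ == "__main__":
    print(parse_event(SAMPLE))
```

If the separator on the receiving side does not match the configured one, the whole payload collapses into a single field, which is a quick sign that the two settings disagree.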