IBM Support

QRadar: Adding the Guardium root user to Guardium Log source

Question & Answer


Why will Guardium not accept the user root? What user and permissions are required to collect events logs from an IBM InfoSphere Guardium appliance that is integrated with QRadar SIEM?


When trying to connect to IBM Guardium to receive event logs, an error is received and unable to establish a connection from the log source.


The user in the log source configuration must have the Admin CLI privilege enabled. IBM InfoSphere Guardium appliances have a non root shell account called CLI. You cannot use root or Administrator privileges to access event logs. There are five non Administrator accounts to configure event log access. Guardium requires you set up the CLI account during initial configuration. After the CLI privilege is configured, you must also need to set up a logging facility to be able to pull the logs.

Administrators can refer to Guardium documentation links for more information on configuring a CLI user or configuring a syslog logging facility.

Where do you find more information?

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Integrations - IBM","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2;7.3","Edition":"Advanced","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018