During installation of the IBM Security Logon-event Scanner, you must
configure specific settings to allow the scanner to communicate with the IBM QRadar
Network Security appliance.
About this task
Note: Concurrent user login is not supported by the IBM Security Logon-event Scanner on a single
XGS appliance. The appliance can only honor IP addresses.
Tip: You can also use the installer to apply a new SSL certificate to an existing
Logon-event Scanner
installation after performing a firmware upgrade to the IBM QRadar
Network Security appliance.
Procedure
- Double-click the Logon-event Scanner setup
executable to launch the installation wizard.
- Review the Introduction page, and then click Next.
- Select the folder to install the Logon-event Scanner, and then
click Next.
- Specify the following settings:
Option |
Description |
Target Hostname for Logon Events |
Type the IP address or host name of the IBM QRadar
Network Security appliance you want to send events to. |
Target Port Number |
Use port 443. |
Target Servlet Name |
Type the following: logonevent/logonListener.xml |
- Click Next.
- Specify the Scanning Interval and Max Events per Transmission,
and then click Next.
Tip: You should not need to change the default settings.
- Specify the following settings:
Option |
Description |
Enable SSL |
Select to allow the Logon-event Scanner to
communicate with the appliance. |
Use Basic HTTP Authentication |
Select to allow the Logon-event Scanner to
communicate with the appliance. |
Username |
Type the user name the scanner will use to authenticate to the appliance. Important: You must use the same user name you selected when configuring the appliance to
receive Logon-event Scanner
events.
|
Password |
Type the password the scanner will use to authenticate to the appliance. Important: You must use the same password you selected when configuring the appliance to
receive Logon-event Scanner
events.
|
- Click Next.
- On the Select CA Certificate window,
click Choose, select the SSL Certificate you
downloaded from the IBM QRadar
Network Security appliance, and then click Next.
- Review the Pre-Installation Summary, and click Install.
- After the installation is complete, select one of the following
options:
- Yes, restart my system. The Logon-event Scanner service
will start automatically.
- No, I will restart my system myself. To start the Logon-event Scanner service
without restarting the system, you must start the service manually.
- Click Done.