Configuring Logon-event Scanner to communicate with the Network Security appliance

During installation of the IBM Security Logon-event Scanner, you must configure specific settings to allow the scanner to communicate with the IBM QRadar Network Security appliance.

About this task

Note: Concurrent user login is not supported by the IBM Security Logon-event Scanner on a single XGS appliance. The appliance can only honor IP addresses.
Tip: You can also use the installer to apply a new SSL certificate to an existing Logon-event Scanner installation after performing a firmware upgrade to the IBM QRadar Network Security appliance.

Procedure

  1. Double-click the Logon-event Scanner setup executable to launch the installation wizard.
  2. Review the Introduction page, and then click Next.
  3. Select the folder to install the Logon-event Scanner, and then click Next.
  4. Specify the following settings:
    Option Description
    Target Hostname for Logon Events Type the IP address or host name of the IBM QRadar Network Security appliance you want to send events to.
    Target Port Number Use port 443.
    Target Servlet Name Type the following: logonevent/logonListener.xml
  5. Click Next.
  6. Specify the Scanning Interval and Max Events per Transmission, and then click Next.
    Tip: You should not need to change the default settings.
  7. Specify the following settings:
    Option Description
    Enable SSL Select to allow the Logon-event Scanner to communicate with the appliance.
    Use Basic HTTP Authentication Select to allow the Logon-event Scanner to communicate with the appliance.
    Username Type the user name the scanner will use to authenticate to the appliance.
    Important: You must use the same user name you selected when configuring the appliance to receive Logon-event Scanner events.
    Password Type the password the scanner will use to authenticate to the appliance.
    Important: You must use the same password you selected when configuring the appliance to receive Logon-event Scanner events.
  8. Click Next.
  9. On the Select CA Certificate window, click Choose, select the SSL Certificate you downloaded from the IBM QRadar Network Security appliance, and then click Next.
  10. Review the Pre-Installation Summary, and click Install.
  11. After the installation is complete, select one of the following options:
    • Yes, restart my system. The Logon-event Scanner service will start automatically.
    • No, I will restart my system myself. To start the Logon-event Scanner service without restarting the system, you must start the service manually.
  12. Click Done.
Parent topic: Passive authentication
Related tasks:
Configuring the appliance to receive Logon-event Scanner events
Downloading the SSL certificate for Logon-event Scanner