Creating a syslog destination for events

To create a syslog destination for these events on IBM® Guardium®, you must log in to the command line interface (CLI) and define the IP address for IBM QRadar®.

Procedure

  1. Using SSH, log in to IBM Guardium as the default user.

    Username: <username>

    Password: <password>

  2. Type the following command to configure the syslog destination for informational events:

    store remote add daemon.info <IP address>:<port> <tcp|udp>

    For example,

    store remote add daemon.info <IP_address> tcp

    Where:

    • <IP address> is the IP address of your QRadar Console or Event Collector.

    • <port> is the syslog port number that is used to communicate to the QRadar Console or Event Collector.

    • <tcp|udp> is the protocol that is used to communicate to the QRadar Console or Event Collector.

  3. Type the following command to configure the syslog destination for warning events:

    store remote add daemon.warning <IP address>:<port> <tcp|udp>

    Where:

    • <IP address> is the IP address of your QRadar Console or Event Collector.
    • <port> is the syslog port number that is used to communicate to the QRadar Console or Event Collector.
    • <tcp|udp> is the protocol that is used to communicate to the QRadar Console or Event Collector.

  4. Type the following command to configure the syslog destination for error events:

    store remote add daemon.err <IP address>:<port> <tcp|udp>

    Where:

    • <IP address> is the IP address of your QRadar Console or Event Collector.
    • <port> is the syslog port number that is used to communicate to the QRadar Console or Event Collector.
    • <tcp|udp> is the protocol that is used to communicate to the QRadar Console or Event Collector.

  5. Type the following command to configure the syslog destination for alert events:

    store remote add daemon.alert <IP address>:<port> <tcp|udp>

    Where:

    • <IP address> is the IP address of your QRadar Console or Event Collector.
    • <port> is the syslog port number that is used to communicate to the QRadar Console or Event Collector.
    • <tcp|udp> is the protocol that is used to communicate to the QRadar Console or Event Collector.

    You are now ready to configure a policy for IBM InfoSphere® Guardium.
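
The following is an added example, not part of the original procedure and not IBM code. It validates the destination values, builds the four commands from steps 2 to 5, and decodes the leading `<PRI>` field of syslog frames captured on the collector to report which of the four selectors has not yet arrived. The function names, the address 192.0.2.10, port 514 and the sample frames are constructed, and the frames are assumed to carry a standard leading `<PRI>` value (facility * 8 + severity).

```python
import ipaddress
import re

# Selectors configured in steps 2-5 of the procedure.
SELECTORS = ("daemon.info", "daemon.warning", "daemon.err", "daemon.alert")
DAEMON_FACILITY = 3                      # syslog facility code for "daemon"
SEVERITY_NAMES = {1: "alert", 3: "err", 4: "warning", 6: "info"}
PRI_RE = re.compile(r"^<(\d{1,3})>")     # leading <PRI> of a syslog frame


def build_commands(ip, port, proto):
    """Return the four 'store remote add' lines after validating the inputs."""
    ipaddress.ip_address(ip)             # raises ValueError on a malformed address
    if not 1 <= int(port) <= 65535:
        raise ValueError(f"port out of range: {port}")
    if proto not in ("tcp", "udp"):
        raise ValueError(f"protocol must be tcp or udp: {proto}")
    return [f"store remote add {s} {ip}:{port} {proto}" for s in SELECTORS]


def selector_of(line):
    """Map a syslog line to 'daemon.<severity>', or None if not one of the four."""
    m = PRI_RE.match(line)
    if not m:
        return None
    facility, severity = divmod(int(m.group(1)), 8)   # PRI = facility * 8 + severity
    if facility != DAEMON_FACILITY or severity not in SEVERITY_NAMES:
        return None
    return f"daemon.{SEVERITY_NAMES[severity]}"


def missing_selectors(lines):
    """Selectors from the procedure that have not yet been seen at the collector."""
    seen = {selector_of(line) for line in lines}
    return [s for s in SELECTORS if s not in seen]


# Constructed sample frames (not real Guardium output), as captured on the collector.
SAMPLE = [
    "<30>Jan 10 12:00:01 example-host app: constructed info event",
    "<28>Jan 10 12:00:05 example-host app: constructed warning event",
    "<25>Jan 10 12:00:09 example-host app: constructed alert event",
    "<86>Jan 10 12:00:11 example-host sshd: constructed authpriv event",
]

if __name__ == "__main__":
    for cmd in build_commands("192.0.2.10", 514, "tcp"):
        print(cmd)
    print("not yet seen:", missing_selectors(SAMPLE))
```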