IBM Support

QRadar: Adding the Guardium root user to Guardium Log source

Question & Answer


Question

Why will Guardium not accept the user root? What user and permissions are required to collect event logs from an IBM InfoSphere Guardium appliance that is integrated with QRadar SIEM?

Cause

When trying to connect to IBM Guardium to receive event logs, an error is received and the log source is unable to establish a connection.

Answer

The user in the log source configuration must have the Admin CLI privilege enabled. IBM InfoSphere Guardium appliances have a non-root shell account called CLI. You cannot use root or Administrator privileges to access event logs. There are five non-Administrator accounts to configure event log access. Guardium requires you to set up the CLI account during initial configuration. After the CLI privilege is configured, you must also set up a logging facility to be able to pull the logs.


Administrators can refer to Guardium documentation links for more information on configuring a CLI user or configuring a syslog logging facility.



Where do you find more information?

Document Information

Product: IBM Security QRadar SIEM
Business Unit: IBM Software w/o TPS
Line of Business: Security Software
Component: Integrations - IBM
Platform: Linux
Version: 7.2; 7.3
Edition: Advanced

Modified date: 16 June 2018

UID: swg21679878