Question & Answer
Question
Why will Guardium not accept the user root? What user and permissions are required to collect events logs from an IBM InfoSphere Guardium appliance that is integrated with QRadar SIEM?
Cause
When trying to connect to IBM Guardium to receive event logs, an error is received and unable to establish a connection from the log source.
Answer
The user in the log source configuration must have the Admin CLI privilege enabled. IBM InfoSphere Guardium appliances have a non root shell account called CLI. You cannot use root or Administrator privileges to access event logs. There are five non Administrator accounts to configure event log access. Guardium requires you set up the CLI account during initial configuration. After the CLI privilege is configured, you must also need to set up a logging facility to be able to pull the logs.
Administrators can refer to Guardium documentation links for more information on configuring a CLI user or configuring a syslog logging facility.
Where do you find more information?
Related Information
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21679878