CA Siteminder windows policy server integration syslogs with IBM q radar document

book

Article ID: 196888

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

we would like to integrate siteminder syslogs with IBM Q radar

Environment

Release : 12.7

Component : SITEMINDER -WEB AGENT FOR APACHE

Resolution

We do not have integration docs for IBM QRadar. If there are integration docs, they will be provided from the IBM side.

From the Siteminder point of view, we do have the option to output our audit logs to a text file, ODBC, or syslog. Unfortunately, it is one or the other and there is not choice to have the log generated in two different areas, e.g text file and syslog. Below is our documentation on how to print audit logs to the syslog which I believe QRadar can work with.

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/administrating/logs-for-administrating-ca-single-sign-on/how-to-record-events-to-the-syslog.html