IBM® Security QRadar® automatically discovers and creates a log source for syslog events from Check Point FireWall-1. The following configuration steps are optional.

Procedure

  1. Log in to QRadar.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.
  4. Click the Log Sources icon.
  5. Click Add.
  6. In the Log Source Name field, type a name for your log source.
  7. In the Log Source Description field, type a description for the log source.
  8. From the Log Source Type list, select Check Point FireWall-1.
  9. Using the Protocol Configuration list, select Syslog.
  10. Configure the following values:
    Table 1. Syslog parameters

    Parameter

    Description

    Log Source Identifier

    Enter the IP address or host name for the log source as an identifier for events from your Check Point FireWall-1 appliance.

  11. Click Save.
  12. On the Admin tab, click Deploy Changes.

Fuente: IBM

Anuncios