Configuring a logging pool

A logging pool is used to define a pool of servers that receive syslog events. The pool contains the IP address, port, and a node name that you provide.

Procedure

  1. From the navigation menu, select Local Traffic > Pools.
  2. Click Create.
  3. In the Name field, type a name for the logging pool.

    For example, Logging_Pool.

  4. From the Health Monitor field, in the Available list, select TCP and click <<.

    This clicking action moves the TCP option from the Available list to the Selected list.

  5. In the Resource pane, from the Node Name list, select Logging_Node or the name you defined in Configuring a logging pool.
  6. In the Address field, type the IP address for the QRadar Console or Event Collector.
  7. In the Service Port field, type 514.
  8. Click Add.
  9. Click Finish.