Configuring a logging pool

A logging pool is used to define a pool of servers that receive syslog events. The pool contains the IP address, port, and a node name that you provide.

Procedure

  1. From the navigation menu, select Local Traffic > Pools.
  2. Click Create.
  3. In the Name field, type a name for the logging pool.

    For example, Logging_Pool.

  4. From the Health Monitor field, in the Available list, select TCP and click <<.

    This clicking action moves the TCP option from the Available list to the Selected list.

  5. In the Resource pane, from the Node Name list, select Logging_Node or the name you defined in Configuring a logging pool.
  6. In the Address field, type the IP address for the QRadar® Console or Event Collector.
  7. In the Service Port field, type 514.
  8. Click Add.
  9. Click Finish.