To collect all alerts logs from STEALTHbits StealthINTERCEPT, you must specify IBM
QRadar as the syslog server and
configure the message format.
Procedure
-
Log in to your STEALTHbits StealthINTERCEPT server.
-
Start the Administration Console.
-
Click .
-
Configure the following parameters:
Parameter |
Description |
Host Address |
The IP address of the QRadar
Console |
Port |
514 |
-
Click Import mapping file.
-
Select the SyslogLeefTemplate.txt file and press Enter.
-
Click Save.
-
On the Administration Console, click Actions.
-
Select the mapping file that you imported, and then select the Send to
Syslog check box.
Tip: Leave the Send to Events DB check box selected.
StealthINTERCEPT uses the events database to generate reports.
-
Click Add.