Syslog log source parameters for Arbor Networks Peakflow SP
If QRadar does not automatically detect the log source, add an Arbor Networks Peakflow SP log source on the QRadar Console by using the syslog protocol.
When using the syslog protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect syslog
events from Arbor Networks Peakflow SP:
Parameter | Value |
---|---|
Log Source name | The name of your log source. |
Log Source description | Type a description for your log source. |
Log Source type | Arbor Networks Peakflow |
Protocol Configuration | Syslog |
Log Source Identifier | The IP address or host name is used as an identifier for events from your Peakflow SP installation. The log source identifier must be a unique value. |
Credibility | The credibility of the log source. The credibility indicates the integrity of an event or offense as determined by the credibility rating from the source devices. Credibility increases if multiple sources report the same event. |
Target Event Collector | The event collector to use as the target for the log source. |
Coalescing Events | Enables the log source to coalesce (bundle) events. By default, automatically discovered log sources inherit the value of the Coalescing Events list from the System Settings in QRadar. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source. |
Incoming Event Payload | The incoming payload encoder for parsing and storing the logs. |
Store Event Payload | Enables the log source to store event payload information. By default, automatically discovered log sources inherit the value of the Store Event Payload list from the System Settings in QRadar. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source. |