Apple Mac OS X

The IBM® QRadar® DSM for Apple Mac OS X accepts events by using syslog.

QRadar records all relevant firewall, web server access, web server error, privilege escalation, and informational events.

To integrate Apple Mac OS X events with QRadar, you must manually create a log source to receive syslog events.

To complete this integration, you must configure a log source, then configure your Apple Mac OS X to forward syslog events. Syslog events that are forwarded from Apple Mac OS X devices are not automatically discovered. Syslog events from Apple Mac OS X can be forwarded to QRadar on TCP port 514 or UDP port 514.