Damballa Failsafe

The Failsafe DSM for IBM QRadar accepts syslog events by using the Log Event Extended Format (LEEF), enabling QRadar to record all relevant Damballa Failsafe events.

Damballa Failsafe must be configured to generate events in Log Event Extended Format(LEEF) and forward these events by using syslog. The LEEF format consists of a pipe ( | ) delimited syslog header, and tab separated fields in the log event payload.

If the syslog events that are forwarded from your Damballa Failsafe are not correctly formatted in LEEF format, you must check your device configuration or software version to ensure that your appliance supports LEEF. Properly formatted LEEF event messages are automatically discovered and added as a log source to QRadar.