genua genugate
The IBM QRadar DSM for genua genugate collects events from a genua genugate device.
genua genugate produces logs from third-party software such as OpenBSD and Sendmail. The genua genugate DSM provides basic parsing for the logs from these third-party devices. To achieve more specific parsing for these logs, install the specific DSM for that device.
The following table lists the specifications for the genua genugate DSM:
Specification | Value |
---|---|
Manufacturer | genua |
DSM name | genua genugate |
RPM file name | DSM-GenuaGenugate-Qradar_version-build_number.noarch.rpm |
Supported versions | 8.2 and later |
Protocol | Syslog |
Recorded event types | General error messages; High availability; General relay messages; Relay-specific messages; genua programs/daemons; EPSI; Accounting Daemon - gg/src/acctd; Configfw; FWConfig; ROFWConfig; User-Interface; Webserver |
Automatically discovered? | Yes |
Includes identity? | Yes |
Includes custom properties? | No |
More information | genua website (https://www.genua.de/en/solutions/high-resistance-firewall-genugate.html) |
To send genua genugate events to QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
  - DSMCommon RPM
  - genua genugate DSM RPM
- Configure your genua genugate device to send syslog events to QRadar.
- If QRadar does not automatically detect the log source, add a genua genugate log source on the QRadar Console. Configure all required parameters and use the following table to identify specific values for genua genugate:
Table 2. genua genugate log source parameters
Parameter | Value |
---|---|
Log Source type | genua genugate |
Protocol Configuration | Syslog |