genua genugate

The IBM QRadar DSM for genua genugate collects events from a genua genugate device.

genua genugate produces logs from third-party software such as OpenBSD and Sendmail. The genua genugate DSM provides basic parsing for the logs from these third-party devices. To achieve more specific parsing for these logs, install the specific DSM for that device.

The following table lists the specifications for the genua genugate DSM:
Table 1. genua genugate DSM specifications

| Specification | Value |
| --- | --- |
| Manufacturer | genua |
| DSM name | genua genugate |
| RPM file name | DSM-GenuaGenugate-Qradar_version-build_number.noarch.rpm |
| Supported versions | 8.2 and later |
| Protocol | Syslog |
| Recorded event types | General error messages; High availability; General relay messages; Relay-specific messages; genua programs/daemons; EPSI; Accounting Daemon - gg/src/acctd; Configfw; FWConfig; ROFWConfig; User-Interface; Webserver |
| Automatically discovered? | Yes |
| Includes identity? | Yes |
| Includes custom properties? | No |
| More information | genua website (https://www.genua.de/en/solutions/high-resistance-firewall-genugate.html) |

To send genua genugate events to QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
    • DSMCommon RPM
    • genua genugate DSM RPM
  2. Configure your genua genugate device to send syslog events to QRadar.
  3. If QRadar does not automatically detect the log source, add a genua genugate log source on the QRadar Console. Configure all required parameters and use the following table to identify specific values for genua genugate:
    Table 2. genua genugate log source parameters

    | Parameter | Value |
    | --- | --- |
    | Log Source type | genua genugate |
    | Protocol Configuration | Syslog |