SysFlow
The IBM QRadar DSM for SysFlow collects syslog events from a SysFlow agent.
To integrate SysFlow with QRadar, complete the following steps:
- If automatic updates are not enabled, RPMs are available for download from the IBM® support website (http://www.ibm.com/support). Download and install the most recent
version of the following RPMs on your QRadar
Console:
- DSM Common RPM
- SysFlow DSM RPM
- Configure your SysFlow agent to send events to QRadar. For more information, see Configuring SysFlow agent to communicate with QRadar.
- If QRadar does not automatically detect the log source, add a SysFlow log source on the QRadar Console. For more information, see Syslog log source parameters for SysFlow.