SysFlow

The IBM QRadar DSM for SysFlow collects syslog events from a SysFlow agent.

To integrate SysFlow with QRadar, complete the following steps:
  1. If automatic updates are not enabled, RPMs are available for download from the IBM® support website (http://www.ibm.com/support). Download and install the most recent version of the following RPMs on your QRadar Console:
    • DSM Common RPM
    • SysFlow DSM RPM
  2. Configure your SysFlow agent to send events to QRadar. For more information, see Configuring SysFlow agent to communicate with QRadar.
  3. If QRadar does not automatically detect the log source, add a SysFlow log source on the QRadar Console. For more information, see Syslog log source parameters for SysFlow.