Pulling Data when you use the Log File Protocol

You can configure IBM i as the log source, and to use the log file protocol in IBM QRadar:

Procedure

  1. To configure QRadar to receive events from an IBM i system, you must select the IBM i option from the Log Source Type list when you add a log source in QRadar.
  2. To configure the log file protocol for the IBM i DSM, you must select the Log File option from the Protocol Configuration list and define the location of your FTP server connection settings.
    Note: If you are using the PowerTech Interact or LogAgent for System i® software to collect CEF formatted syslog messages, you must select the Syslog option from the Protocol Configuration list.
  3. Use the log file protocol option that you select a secure protocol for transferring files, such as Secure File Transfer Protocol (SFTP).

What to do next

For a complete list of Log File protocol parameter options, see Log File protocol configuration options.