Forwarding events to IBM® QRadar

After you create your log source, you can forward or retrieve events for QRadar®. Forwarding events by using syslog might require more configuration of your network device.

As QRadar discovers events, either through syslog or by polling for log files, they are displayed in the Log Activity tab. Events from the devices that forward LEEF events are identified by the name that you type in the Log Source Name field. The events for your log source are not categorized by default in QRadar and they require categorization. For more information about categorizing your Universal LEEF events, see Universal LEEF event map creation.
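What a forwarding device might emit, shown as an added example that is not taken from IBM's documentation: it builds a LEEF 1.0 event, wraps it in an RFC 3164 style syslog header, and can send it over UDP. The vendor, product, event ID, hostname and collector address are constructed placeholders; the layout assumed is the LEEF 1.0 one (pipe-delimited header, tab-delimited key=value attributes).

```python
import socket
from datetime import datetime

TAB = "\t"

def _clean(value, forbidden, repl=" "):
    """Replace delimiters and line breaks so a value cannot forge extra fields."""
    text = str(value)
    for ch in forbidden + "\r\n":
        text = text.replace(ch, repl)
    return text

def leef_event(vendor, product, version, event_id, attrs):
    """LEEF 1.0: pipe-delimited header, then tab-delimited key=value attributes."""
    fields = ["LEEF:1.0"] + [_clean(f, "|") for f in (vendor, product, version, event_id)]
    pairs = [_clean(k, TAB + "=") + "=" + _clean(v, TAB) for k, v in attrs.items()]
    return "|".join(fields) + "|" + TAB.join(pairs)

def syslog_line(hostname, payload, when, facility=16, severity=6):
    """Prefix an RFC 3164 style header: <PRI>Mmm dd hh:mm:ss hostname."""
    pri = facility * 8 + severity  # local0.info -> 134
    stamp = f"{when:%b} {when.day:>2} {when:%H:%M:%S}"
    return f"<{pri}>{stamp} {_clean(hostname, ' ', '-')} {payload}"

def send_udp(line, collector=("127.0.0.1", 514)):
    """Send one event; the collector address is a placeholder (assumption)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("utf-8"), collector)

# Constructed sample event; all names and values are illustrative.
# The usrName value carries an embedded tab, which _clean() neutralises so it
# cannot appear in the Log Activity tab as a separate "sev" attribute.
SAMPLE = leef_event(
    "ExampleCorp", "DemoGateway", "1.0", "LOGIN_FAILED",
    {"src": "192.0.2.10", "usrName": "alice\tsev=10", "sev": 5},
)

if __name__ == "__main__":
    print(syslog_line("demo-gw01", SAMPLE, datetime.now()))
```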