Linux IPtables

The Linux® IPtables DSM for IBM QRadar accepts firewall IPtables events by using syslog.

QRadar records all relevant events from Linux IPtables where the syslog event contains any of the following words: Accept, Drop, Deny, or Reject. Creating a customized log prefix in the event payload enables QRadar to easily identify IPtables behavior.
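The following added example (not part of the IBM documentation) prints a pair of iptables rules whose LOG prefix carries one of the four words, and checks a syslog line for them. The function names, the prefix text "FW Drop: ", the sample log line, and the case-insensitive match are assumptions made for illustration; nothing is applied to the firewall.

```shell
#!/bin/sh
# Added example: build iptables LOG rules whose prefix carries a keyword
# QRadar looks for. The rules are only printed, never applied.

# The four words the page says QRadar matches on.
KEYWORDS="Accept Drop Deny Reject"

# find_keyword LINE -> prints the first keyword found in LINE; returns 1 if none.
# Assumption: matching is case-insensitive here; the page does not say.
find_keyword() {
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    for kw in $KEYWORDS; do
        kw_lower=$(printf '%s' "$kw" | tr '[:upper:]' '[:lower:]')
        case "$lower" in
            *"$kw_lower"*) printf '%s\n' "$kw"; return 0 ;;
        esac
    done
    return 1
}

# log_rule CHAIN TARGET PREFIX -> prints a LOG rule, then the verdict rule.
# LOG is non-terminating, so it must come before the rule that decides the packet.
# Rejects prefixes over the LOG target's 29-character limit and prefixes
# that contain none of the keywords.
log_rule() {
    chain=$1; target=$2; prefix=$3
    if [ "${#prefix}" -gt 29 ]; then
        echo "prefix longer than 29 characters" >&2; return 2
    fi
    find_keyword "$prefix" >/dev/null || {
        echo "prefix has none of: $KEYWORDS" >&2; return 3
    }
    printf 'iptables -A %s -j LOG --log-prefix "%s" --log-level info\n' "$chain" "$prefix"
    printf 'iptables -A %s -j %s\n' "$chain" "$target"
}

# Constructed sample of a kernel syslog line written by such a LOG rule.
SAMPLE='Jan  1 00:00:00 fw01 kernel: FW Drop: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=51515 DPT=22'

log_rule INPUT DROP "FW Drop: "
find_keyword "$SAMPLE"
```

The trailing space inside the prefix keeps it separated from the IN= field that the kernel appends.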