Introduction to log source management
You can configure IBM® QRadar® to accept event logs from log sources that are on your network. A log source is a data source that creates an event log.
For example, a firewall or intrusion protection system (IPS) logs security-based events, and switches or routers log network-based events.
To receive raw events from log sources, QRadar supports many protocols. Passive protocols listen for events on specific ports. Active protocols use APIs or other communication methods to connect to external systems that poll and retrieve events.
Depending on your license limits, QRadar can read and interpret events from more than 300 log sources.
- Download and install a device support module (DSM) that supports the log source. A DSM is a software application that contains the event patterns that are required to identify and parse events from the original format of the event log to the format that QRadar can use.
- If automatic discovery is supported for the DSM, wait for QRadar to automatically add the log source to your list of configured log sources.
- If automatic discovery is not supported for the DSM, manually create the log source configuration.