JDBC log source parameters for McAfee Application/Change Control
If QRadar does not automatically detect the log source, add a McAfee Application/Change Control log source on the QRadar Console by using the JDBC protocol.
When using the JDBC protocol, there are specific parameters that you must use.
Parameter |
Description |
---|---|
Log Source Type | McAfee Application/Change Control |
Protocol Configuration | JDBC |
Log Source Identifier |
Type a name for the log source. The name can't contain spaces and must be unique among all log sources of the log source type that is configured to use the JDBC protocol. If the log source collects events from a single appliance that has a static IP address or host name, use the IP address or host name of the appliance as all or part of the Log Source Identifier value; for example, 192.168.1.1 or JDBC192.168.1.1. If the log source doesn't collect events from a single appliance that has a static IP address or host name, you can use any unique name for the Log Source Identifier value; for example, JDBC1, JDBC2. |
Table Name |
Type SCOR_EVENTS as the name of the table or view that includes the event records. |
Select List |
Type You can use a comma-separated list to define specific fields from tables or views, if it's needed for your configuration. The list must contain the field that is defined in the Compare Field parameter. The comma-separated list can be up to 255 alphanumeric characters in length. The list can include the following special characters: dollar sign ($), number sign (#), underscore (_), en dash (-), and period(.). |
Compare Field |
Type AutoID as the compare field. The compare field is used to identify new events added between queries to the table. |
For a complete list of Syslog protocol parameters and their values, see JDBC protocol configuration options.