Arbor Networks Peakflow SP

IBM® QRadar® can collect and categorize syslog and TLS syslog events from Arbor Networks Peakflow SP appliances that are in your network.

Arbor Networks Peakflow SP appliances store the syslog events locally.

To collect local syslog events, you must configure your Peakflow SP appliance to forward the syslog events to a remote host. QRadar automatically discovers and creates log sources for syslog events that are forwarded from Arbor Networks Peakflow SP appliances. QRadar supports syslog events that are forwarded from Peakflow V5.8 to V8.1.2.

To configure Arbor Networks Peakflow SP, complete the following steps:

  1. On your Peakflow SP appliance, create a notification group for QRadar.
  2. On your Peakflow SP appliance, configure the global notification settings.
  3. On your Peakflow SP appliance, configure your alert notification rules.
  4. If automatic updates are not enabled for QRadar, RPMs are available for download from the IBM support website. Download and install the most recent version of the following RPMs on your QRadar Console.
    • DSMCommon RPM
    • Arbor Networks Peakflow SP DSM RPM
  5. Configure your Arbor Networks Peakflow SP appliance to send syslog or TLS syslog events to QRadar.
  6. If QRadar does not automatically detect the log source, add an Arbor Networks Peakflow SP log source on the QRadar Console. The following tables describe the parameters that require specific values to collect events from Arbor Networks Peakflow SP:
    Table 1. Arbor Networks Peakflow SP log source parameters
    Parameter Value
    Log Source type Arbor Networks Peakflow SP
    Protocol Configuration Select Syslog or TLS Syslog
    Log Source Identifier Type a unique name for the log source.