Configuring an undocumented protocol

As an open platform, QRadar® collects and processes event data through multiple integration methods (protocol types). Some protocol types can be configured for a particular log source type but are marked as "undocumented". The DSM Configuration Guide doesn't contain instructions on how to set up event collection for undocumented protocols. IBM® does not offer support with the configuration of log sources that use undocumented protocols because they are not internally tested and documented.

Procedure

  1. Use SSH to log in to your QRadar Console appliance as a root user.
  2. Edit the following file: /store/configservices/staging/globalconfig/nva.conf
  3. Set the EXPOSE_UNDOCUMENTED_PROTOCOLS property value to true.
  4. Save the file.
  5. To close the SSH session type exit.
  6. Log in to the QRadar Console.
  7. Click the Admin tab.
  8. Click Deploy Changes.
    Undocumented protocol options appear in the Protocol Configuration list in the log source Add/Edit window.