Before you can send WebTrends Enhanced Log File (WELF) formatted events to QRadar, you must configure syslog
server information for events, user access, administrator access and client logs on your Pulse
Secure Pulse Connect Secure device.
Procedure
- Log in to your Pulse Secure Pulse Connect Secure device administration user interface on the web: https://<IP_address>/admin
- Configure syslog server information for events.
  - Click .
  - From the Select Events to Log pane, select the events that you want to log.
  - In the Server name/IP field, type the name or IP address of the syslog server.
  - From the Facility list, select a syslog server facility level.
  - From the Filter list, select WELF:WELF.
  - Click Add, and then click Save Changes.
- Configure syslog server information for user access.
  - Click .
  - From the Select Events to Log pane, select the events that you want to log.
  - In the Server name/IP field, type the name or IP address of the syslog server.
  - From the Facility list, select the facility.
- Configure syslog server information for Administrator access.
  - Click .
  - From the Select Events to Log pane, select the events that you want to log.
  - In the Server name/IP field, type the name or IP address of the syslog server.
  - From the Facility list, select the facility.
  - From the Filter list, select WELF:WELF.
  - Click Add, then click Save Changes.
- Configure syslog server information for client logs.
  - Click .
  - From the Select Events to Log pane, select the events that you want to log.
  - In the Server name/IP field, type the name or IP address of the syslog server.
  - From the Facility list, select the facility.
  - From the Filter list, select WELF:WELF.
  - Click Add, then click Save Changes.
Results
You are now ready to configure a log source in QRadar.
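To confirm on the syslog receiver that the WELF:WELF filter took effect for each log type, the following added example (not part of the original procedure or of any IBM or Pulse Secure tooling) parses received lines as WELF and reports the ones that are not. It assumes WELF records are space-separated key=value pairs with double-quoted values and treats `id`, `time`, `fw` and `pri` as the expected fields; the sample lines, host name and addresses are constructed.

```python
import re

# One key=value pair; the value is a double-quoted string or a bare token (possibly empty).
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')
# Assumption: fields expected in every WELF record; adjust to what your device sends.
REQUIRED = ("id", "time", "fw", "pri")

# Constructed sample syslog lines: valid WELF, a non-WELF format, WELF without pri.
SAMPLE = [
    '<134>May  1 10:00:00 pcs01 PulseSecure: id=firewall time="2024-05-01 10:00:00" '
    'pri=6 fw=192.0.2.10 user=jdoe proto= src=198.51.100.7 '
    'msg="Constructed sample: login succeeded user=other"',
    '<134>May  1 10:00:05 pcs01 PulseSecure: 2024-05-01 10:00:05 - pcs01 - '
    '[198.51.100.7] jdoe(Users) - Constructed sample: login succeeded',
    '<134>May  1 10:00:09 pcs01 PulseSecure: id=firewall time="2024-05-01 10:00:09" '
    'fw=192.0.2.10 msg="Constructed sample: record without pri"',
]

def parse_welf(record):
    """Parse the key=value body of one WELF record into a dict."""
    fields = {}
    for key, quoted, bare in PAIR.findall(record):
        # A quoted value is consumed whole, so key=value text inside it is not split out.
        fields[key] = quoted or bare
    return fields

def check_line(line):
    """Return (is_welf, missing_fields) for one received syslog line."""
    body = re.search(r'\bid=', line)  # the WELF body follows the syslog header
    if body is None:
        return False, list(REQUIRED)
    fields = parse_welf(line[body.start():])
    missing = [k for k in REQUIRED if k not in fields]
    return not missing, missing

def audit(lines):
    """Return {line_number: missing_fields} for lines that are not complete WELF."""
    failures = {}
    for number, line in enumerate(lines, 1):
        ok, missing = check_line(line)
        if not ok:
            failures[number] = missing
    return failures

if __name__ == "__main__":
    for number, missing in audit(SAMPLE).items():
        print(f"line {number}: not WELF, missing {', '.join(missing)}")
```

A line that reports all four fields missing usually means that log type is still being sent with a different filter selected.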