Before you can send WebTrends Enhanced Log File (WELF) formatted events to QRadar®, you must configure syslog
server information for events, user access, administrator access and client logs on your Pulse
Secure Pulse Connect Secure device.
Procedure
-
Log in to your Pulse Secure Pulse Connect Secure device administration user interface on the
web:
https://<IP_address>/admin
-
Configure syslog server information for events.
-
Click .
-
From the Select Events to Log pane, select the events that you want to
log.
-
In the Server name/IP field, type the name or IP address of the syslog
server.
-
From the Facility list, select a syslog server facility level.
-
From the Filter list, select WELF:WELF.
-
Click Add, and then click Save Changes.
-
Configure syslog server information for user access.
-
Click .
-
From the Select Events to Log pane, select the events that you want to
log.
-
In the Server name/IP field, type the name or IP address of the syslog
server.
-
From the Facility list, select the facility.
-
Configure syslog server information for Administrator access.
-
Click .
-
From the Select Events to Log pane, select the events that you want to
log.
-
In the Server name/IP field, type the name or IP address of the syslog
server.
-
From the Facility list, select the facility.
-
From the Filter list, select WELF:WELF.
-
Click Add, then click Save Changes.
-
Configure syslog server information for client logs.
-
Click .
-
From the Select Events to Log pane, select the events that you want to
log.
-
In the Server name/IP field, type the name or IP address of the syslog
server.
-
From the Facility list, select the facility.
-
From the Filter list, select WELF:WELF.
-
Click Add, then click Save Changes.
Results
You are now ready to configure a log source in QRadar.