JDBC log source parameters for Sophos PureMessage
If QRadar does not automatically detect the log source, add a Sophos PureMessage log source on the QRadar Console by using the JDBC protocol.
When using the JDBC protocol, there are specific parameters that you must use.
Parameter | Value |
---|---|
Log Source type | Sophos PureMessage |
Protocol Configuration | JDBC |
Log Source Identifier |
Type a name for the log source. The name can't contain spaces and must be unique among all log sources of the log source type that is configured to use the JDBC protocol. If the log source collects events from a single appliance that has a static IP address or host name, use the IP address or host name of the appliance as all or part of the Log Source Identifier value; for example, 192.168.1.1 or JDBC192.168.1.1. If the log source doesn't collect events from a single appliance that has a static IP address or host name, you can use any unique name for the Log Source Identifier value; for example, JDBC1, JDBC2. |
Database Type | MSDE |
Database Name | Type savexquar. |
Table Name | Type siem_view as the name of the table or view that includes the event records. |
Compare Field | Type ID. |
For a complete list of JDBC protocol parameters and their values, see JDBC protocol configuration options.