Configuring NCC Group DDoS Secure to communicate with QRadar

The NCC Group DDoS Secure DSM for IBM QRadar receives events from NCC Group DDoS Secure devices by using syslog in Log Event Extended Format (LEEF) format. QRadar records all relevant status and network condition events.

Procedure

  1. Log in to NCC Group DDoS Secure.
  2. Go to the Structured Syslog Server window.
  3. In the Server IP Address(es) field, type the IP address of the QRadar Console.
  4. From the Format list, select LEEF.
  5. Optional: If you do not want to use the default of local0 in the Facility field, type a syslog facility value.
  6. From the Priority list, select the syslog priority level that you want to include. Events that meet or exceed the syslog priority level that you select are forwarded to QRadar.
  7. In the Log Refresh (Secs) field, specify a refresh update time for structured logs. The refresh update time is specified in seconds.
  8. In the Normal Peak Bandwith field, specify the expected normal peak bandwidth of the appliance.