Configuring Blue Coat SG for syslog

To allow syslog event collection, you must configure your Blue Coat SG appliance to forward syslog events to IBM QRadar.

Before you begin

Note: If your Blue Coat SG appliance sends syslog events to multiple syslog destinations, a loss of availability at one destination might interrupt the stream of events to the other destinations.

Procedure

  1. Select Configuration > Access Logging > Logs > Upload Client.
  2. From the Log list, select the log that contains your custom format.
  3. From the Client type list, select Custom Client.
  4. Click Settings.
  5. From the Settings For list, select Primary Custom Server.
  6. In the Host field, type the IP address for your QRadar system.
  7. In the Port field, type 514.
  8. Click OK.
  9. Select the Upload Schedule tab.
  10. From the Upload the access log list, select Continuously.
  11. Click Apply.