SonicWALL captures all SonicOS event activity. The events can be forwarded to IBM QRadar by using SonicWALL's default event format.
Procedure
- Log in to your SonicWALL web interface.
- From the navigation menu, select .
- From the Syslog Servers pane, click Add.
- In the Name or IP Address field, type the IP address of your QRadar Console or Event Collector.
- In the Port field, type 514.
  SonicWALL syslog forwarders send events to QRadar by using UDP port 514.
- Click OK.
- From the Syslog Format list, select Default.
- Click Apply.
Syslog events are forwarded to QRadar. SonicWALL events that are forwarded to QRadar are automatically discovered and log sources are created automatically. For more information on configuring your SonicWALL appliance or for information on specific events, see your vendor documentation.
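
If log sources are not discovered, it helps to confirm what the appliance is actually sending. The following is an added example, not part of the IBM or SonicWALL documentation: a Python check that decodes the syslog priority and the key=value body of a datagram and reports which expected fields are missing. The expected key names, the sample event, and the `listen` helper for a scratch host are assumptions made for illustration.

```python
"""Sanity-check a datagram against the SonicWALL Default syslog layout."""
import re
import socket

PRI_RE = re.compile(r"^<(\d{1,3})>")
# key=value pairs; values are either double-quoted or a run of non-space chars.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# Assumption: keys normally present in a Default-format SonicOS event.
EXPECTED_KEYS = {"id", "sn", "time", "fw", "pri", "m", "msg"}

# Constructed sample event (documentation IP ranges, placeholder serial number).
SAMPLE = (b'<134>id=firewall sn=000000000000 time="2024-01-01 12:00:00 UTC" '
          b'fw=192.0.2.1 pri=6 c=262144 m=98 msg="Connection Opened" n=1 '
          b'src=198.51.100.7:51515:X0 dst=203.0.113.9:53:X1 proto=udp/dns')


def parse_event(datagram: bytes) -> dict:
    """Return the event's fields, plus _facility/_severity from the syslog PRI."""
    text = datagram.decode("utf-8", errors="replace").strip()
    fields = {}
    pri = PRI_RE.match(text)
    if pri:
        fields["_facility"], fields["_severity"] = divmod(int(pri.group(1)), 8)
        text = text[pri.end():]
    for key, quoted, bare in KV_RE.findall(text):
        fields[key] = quoted if quoted else bare
    return fields


def missing_keys(fields: dict) -> set:
    """Keys expected in the Default format that this event does not carry."""
    return EXPECTED_KEYS - fields.keys()


def listen(bind_addr: str = "0.0.0.0", port: int = 514, count: int = 5) -> None:
    """Check the first `count` datagrams on a scratch host (port 514 needs root)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        for _ in range(count):
            data, (src, _port) = sock.recvfrom(8192)
            fields = parse_event(data)
            gaps = missing_keys(fields)
            verdict = "OK" if not gaps else f"missing {sorted(gaps)}"
            print(src, verdict, fields.get("msg"))


if __name__ == "__main__":
    event = parse_event(SAMPLE)
    print(event["msg"], "missing:", sorted(missing_keys(event)))
```

An event that reports most expected keys as missing usually means a Syslog Format other than Default is selected on the appliance.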