Configuring Vormetric Data Firewall FS Agents to bypass Vormetric Data Security Manager
When the Vormetric Data Security Manager is enabled to communicate with IBM® QRadar®, all events from the Vormetric Data Firewall FS Agents are also forwarded to the QRadar system through the Vormetric Data Security Manager.
About this task
To bypass the Vormetric Data Security Manager, you can configure Vormetric Data Firewall FS Agents to send LEEF events directly to the QRadar system.
Your Vormetric Data Security Manager user account must have System Administrator permissions.
- Log in to your Vormetric Data Security Manager.
- On the navigation menu, click .
- Click the FS Agent Log tab.
In the Policy Evaluation row, configure the following parameters:
- Select the Log to Syslog/Event Log check box.
- Clear the Upload to Server check box.
From the Level list, select INFO.
This setup sends a full audit trail from the policy evaluation module directly to a syslog server instead of to the Security Manager. Leaving both destinations enabled might result in duplication of events to the QRadar system.
Under the Syslog Settings section, configure the following parameters:
- In the Server field, use the following syntax to type the IP address or host name and port number of your QRadar
- From the Protocol list, select TCP or a value that matches the log source configuration on your QRadar system.
- From the Message Format list, select LEEF.
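To check the result of this procedure on the receiving side, the following added example (not part of the vendor documentation) parses captured syslog lines, flags lines that carry no LEEF header, and reports LEEF bodies that arrived more than once, which is what happens if Upload to Server is left enabled. The sample lines, host names, and vendor, product and attribute strings are constructed placeholders, and it assumes a relayed copy carries the same LEEF body behind a different syslog header.

```python
from collections import defaultdict

# Constructed sample lines (not real agent output). Host names, vendor/product
# strings and attribute names are placeholders chosen for this example.
BODY = "LEEF:1.0|ExampleVendor|ExampleAgent|1.0|DENY|usrName=alice\tact=read"
SAMPLE = [
    "<14>Jan 10 12:00:01 fs-agent-01 " + BODY,
    "<14>Jan 10 12:00:02 dsm-01 " + BODY,  # same event relayed a second time
    "<14>Jan 10 12:00:05 fs-agent-01 "
    "LEEF:1.0|ExampleVendor|ExampleAgent|1.0|PERMIT|usrName=bob\tact=write",
    "<14>Jan 10 12:00:09 fs-agent-01 plain text message",
]

def parse_leef(line):
    """Parse one syslog line; return a dict, or None without a valid LEEF header."""
    pos = line.find("LEEF:")
    if pos < 0:
        return None
    prefix, body = line[:pos].split(), line[pos:]
    # LEEF 1.0 has 5 header fields; LEEF 2.0 adds a 6th naming the delimiter.
    n = 6 if body.startswith("LEEF:2") else 5
    parts = body.split("|", n)
    if len(parts) != n + 1:
        return None  # truncated header
    delim = "\t"  # default attribute delimiter is a tab
    if n == 6 and parts[5]:
        d = parts[5]
        try:  # 2.0 delimiter: one character, or hex written as 0x09 / x09
            delim = d if len(d) == 1 else chr(int(d.lower().rpartition("x")[2], 16))
        except ValueError:
            return None
    attrs = dict(kv.split("=", 1) for kv in parts[n].split(delim) if "=" in kv)
    return {"sender": prefix[-1] if prefix else "", "event_id": parts[4],
            "attrs": attrs, "body": body}

def audit(lines):
    """Return line numbers lacking LEEF, and LEEF bodies seen more than once."""
    seen, non_leef = defaultdict(list), []
    for num, line in enumerate(lines, 1):
        ev = parse_leef(line)
        if ev is None:
            non_leef.append(num)
        else:
            seen[ev["body"]].append((num, ev["sender"]))
    return {"non_leef": non_leef,
            "duplicates": [hits for hits in seen.values() if len(hits) > 1]}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty `duplicates` list and an empty `non_leef` list on a real capture indicate that only one destination is active and that the Message Format setting took effect.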