Configuring your Vormetric Data Security systems for communication with IBM QRadar

To collect all audit logs and system events from Vormetric Data Security, you must configure your Vormetric Data Security Manager to enable communication with QRadar.

About this task

Your Vormetric Data Security Manager user account must have System Administrator permissions.

Procedure

  1. Log in to your Vormetric Data Security Manager as an administrator that is assigned System Administrator permissions.
  2. On the navigation menu, click Log > Syslog.
  3. Click Add.
  4. In the Server Name field, type the IP address or host name of your QRadar system.
  5. From the Transport Protocol list, select TCP or a value that matches the log source protocol configuration on your QRadar system.
  6. In the Port Number field, type 514 or a value that matches the log source protocol configuration on your QRadar system.
  7. From the Message Format list, select LEEF.
  8. Click OK.
  9. On the Syslog Server summary screen, verify the details that you have entered for your QRadar system. If the Logging to SysLog value is OFF, complete the following steps. On the navigation menu, click System > General Preferences.
  10. Click the System tab.
  11. In the Syslog Settings pane, select the Syslog Enabled check box.
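
To confirm that the Message Format setting from step 7 took effect, lines captured on the receiving side can be checked for a LEEF header. The following is an added example, not part of the IBM or Vormetric documentation: the function names are hypothetical, the sample lines (host, vendor, product and event values) are constructed placeholders, and the parser assumes the standard LEEF 1.0 and 2.0 header field order.

```python
import re

LEEF_START = re.compile(r"LEEF:(1\.0|2\.0)\|")
HEX_DELIM = re.compile(r"(?:0x|x)([0-9A-Fa-f]{2,4})$")

def parse_leef(line):
    """Parse one received syslog line; return None when it carries no LEEF payload."""
    m = LEEF_START.search(line)           # skip any syslog header before "LEEF:"
    if m is None:
        return None
    version = m.group(1)
    # LEEF 1.0 header has 5 pipe-delimited fields; LEEF 2.0 adds a delimiter field.
    n_fields = 5 if version == "1.0" else 6
    parts = line[m.start():].rstrip("\r\n").split("|", n_fields)
    if len(parts) != n_fields + 1:
        return None                       # truncated header
    vendor, product, prod_version, event_id = parts[1:5]
    delim = "\t"                          # LEEF 1.0 attributes are tab-separated
    if version == "2.0" and parts[5]:
        hx = HEX_DELIM.match(parts[5])    # delimiter given as a character or as hex
        delim = chr(int(hx.group(1), 16)) if hx else parts[5]
    attrs = {}
    for pair in parts[-1].split(delim):
        key, sep, value = pair.partition("=")
        if sep and key:
            attrs[key.strip()] = value
    return {"version": version, "vendor": vendor, "product": product,
            "product_version": prod_version, "event_id": event_id, "attrs": attrs}

def summarize(lines):
    """Return (count of LEEF lines, list of lines that are not LEEF)."""
    bad = [ln for ln in lines if parse_leef(ln) is None]
    return len(lines) - len(bad), bad

# Constructed sample lines, not real Vormetric output.
SAMPLE = [
    "<14>Jan 10 12:00:01 dsm01 LEEF:1.0|ExampleVendor|ExampleProduct|1.0|EVT0001|"
    "sev=3\tusr=admin\tmsg=policy updated",
    "<14>Jan 10 12:00:02 dsm01 plain text audit message",
    "<14>Jan 10 12:00:03 dsm01 LEEF:2.0|ExampleVendor|ExampleProduct|1.0|EVT0002|^|"
    "sev=5^usr=root",
]

if __name__ == "__main__":
    ok, bad = summarize(SAMPLE)
    print(f"{ok} LEEF line(s), {len(bad)} non-LEEF line(s)")
    for ln in bad:
        print("not LEEF:", ln)
```

Any line reported as not LEEF points to a syslog server entry whose Message Format is set to something other than LEEF.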

What to do next

Configuring Vormetric Data Firewall FS Agents to bypass Vormetric Data Security Manager