Configuring your Vormetric Data Security systems for communication with IBM QRadar
To collect all audit logs and system events from Vormetric Data Security, you must configure your Vormetric Data Security Manager to enable communication with QRadar.
About this task
Your Vormetric Data Security Manager user account must have System Administrator permissions.
Procedure
- Log in to your Vormetric Data Security Manager as an administrator that is assigned System Administrator permissions.
- On the navigation menu, click .
- Click Add.
- In the Server Name field, type the IP address or host name of your QRadar system.
- From the Transport Protocol list, select TCP or a value that matches the log source protocol configuration on your QRadar system.
- In the Port Number field, type 514 or a value that matches the log source protocol configuration on your QRadar system.
- From the Message Format list, select LEEF.
- Click OK.
- On the Syslog Server summary screen, verify the details that you have entered for your QRadar system. If the Logging to SysLog value is OFF, complete the following steps. On the navigation menu, click
- Click the System tab.
- In the Syslog Settings pane, select the Syslog Enabled check box.