Configuring the remote syslog setup

Use the REMOTE SYSLOG SETUP widget to enable remote system logging and to configure protocol details.

Procedure

  1. In QRadar® Network Packet Capture, click the ADMIN tab.
  2. Go to the REMOTE SYSLOG SETUP widget.
  3. Select the Remote Syslog Enabled check box to enable system logging.

    Select Only log LEEF if you want to capture only Log Event Extended Format (LEEF) syslog events.

    Figure 1. Remote Syslog Setup widget
    The Remote Syslog Setup widget has a check box to enable the remote syslog function, and a check box to capture LEEF logs only. Radio buttons can be selected for UDP or TCP protocol. Enter the port number in Remote Syslog Server Port, and the server address in Remote Syslog Server. Apply and Reset buttons are at the bottom of the widget.
  4. Select the UDP or TCP protocol, according to your settings.
  5. Enter a port number in the Remote Syslog Server Port field and an IP address in the Remote Syslog Server field.
  6. Click Apply.
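
To check on the receiving syslog server what the Only log LEEF option changes, the following added example (not IBM code) parses received lines as LEEF 1.0 or 2.0 and lists any lines that are not LEEF. The sample lines, the vendor and product names in them, and the function names are constructed for illustration and are not actual QRadar Network Packet Capture output.

```python
import re

# LEEF 1.0: LEEF:1.0|Vendor|Product|Version|EventID|attrs   (attrs are tab-separated)
# LEEF 2.0: LEEF:2.0|Vendor|Product|Version|EventID|Delim|attrs
LEEF_START = re.compile(r"LEEF:(1\.0|2\.0)\|")
HEX_DELIM = re.compile(r"(?:0x|x)([0-9A-Fa-f]{1,4})")

def parse_leef(line):
    """Return a dict for a LEEF event, or None when the line is not valid LEEF."""
    m = LEEF_START.search(line)            # a syslog header may precede "LEEF:"
    if not m:
        return None
    version = m.group(1)
    nfields = 6 if version == "2.0" else 5
    parts = line[m.start():].split("|", nfields)
    if len(parts) != nfields + 1:          # truncated header
        return None
    delim = "\t"                           # default attribute delimiter
    if version == "2.0" and parts[5]:
        hexm = HEX_DELIM.fullmatch(parts[5])
        if hexm:
            delim = chr(int(hexm.group(1), 16))
        elif len(parts[5]) == 1:
            delim = parts[5]
        else:
            return None                    # malformed delimiter field
    attrs = {}
    for pair in parts[nfields].split(delim):
        key, sep, value = pair.partition("=")
        if sep:
            attrs[key] = value
    return {"version": version, "vendor": parts[1], "product": parts[2],
            "product_version": parts[3], "event_id": parts[4], "attrs": attrs}

def non_leef_lines(lines):
    """Lines that a LEEF-only feed should not contain."""
    return [ln for ln in lines if parse_leef(ln) is None]

# Constructed sample input (not real appliance output).
SAMPLE = [
    "<13>Jan 01 00:00:00 pcap-host LEEF:1.0|ExampleVendor|ExampleProduct|1.0|LoginOK|usrName=admin\tsrc=192.0.2.10",
    "<13>Jan 01 00:00:01 pcap-host LEEF:2.0|ExampleVendor|ExampleProduct|1.0|DiskWarn|^|sev=5^msg=disk 90% full",
    "<30>Jan 01 00:00:02 pcap-host systemd[1]: Started Session 12 of user root.",
]

if __name__ == "__main__":
    for ln in non_leef_lines(SAMPLE):
        print("not LEEF:", ln)
```

With Only log LEEF selected, `non_leef_lines` run over the received lines should return an empty list.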