Add Disconnected Log Collector as a log source in QRadar
To collect events from IBM Disconnected Log Collector, you must either use the QRadar Log Source Management app to register Disconnected Log Collector instances with your IBM QRadar deployment or manually install the Disconnected Log Collector protocol and complete configuration steps on your QRadar system.
When you install Disconnected Log Collector, a universally unique identifier (UUID) is created and used for authentication with QRadar. You can use multiple Disconnected Log Collector instances in your environment, and each instance will have a different UUID. To configure multiple Disconnected Log Collector instances, you can do any of the following:
- You can configure multiple Disconnected Log Collector UUIDs to use the same log source in QRadar. That is, each Disconnected Log Collector instance would communicate with QRadar by using the same defined log source.
- You can configure different Disconnected Log Collector instances to use a different listen port in QRadar.
- You can configure each Disconnected Log Collector instance with the same port number but on a different managed host, which is a host with an event collector on it.