Use the TLS proxy for communication between IBM
Disconnected Log Collector and IBM
QRadar. Disconnected Log
Collector supports the basic
authentication method for proxy authentication.
About this task
In 1.8.5, when you install or upgrade your Disconnected Log
Collector, the
config.json file has a Proxy section that you can
configure.
Tip: If the proxy server connection is interrupted, the Disconnected Log
Collector automatically attempts to
re-establish the connection.
Procedure
- In the config.json file, review the Proxy
section
In the following example, the default settings are
configured.
"Proxy": {
"proxy.description":"Only applicable to destination types TLS, not applicable to destination.type: Kafka and UDP",
"proxy.enabled":"false",
"proxy.ip":"",
"proxy.port":"",
"proxy.username":"",
"proxy.password":""
}
- To enable the proxy, change the value for the proxy.enabled
parameter to
true.
- For the proxy.ip parameter, enter the IP address of the proxy
server.
The value can be either an IP address or a fully qualified domain name
(FQDN).
- For the proxy.port parameter, enter the port that the proxy server
can receive connections on.
- Enter the proxy.username that you configured on the proxy
server.
- Enter the encrypted proxy.password that you configured on the proxy
server.
To encrypt the proxy password, complete the following steps:
- Run the following script:
/opt/ibm/si/services/dlc/current/script/encrypt.sh
- You are prompted to enter and re-enter the proxy password in plain
text.
- Copy the encrypted password that is displayed.
What to do next
Note: Connection issues are logged in
/var/log/dlc/dlc.error.