Creating a TLS log source destination for managed agents

Create a TLS destination if you want to send encrypted events to IBM® Security QRadar® appliances. For any existing log sources that use WinCollect, you must ensure that they use the TLS destination that you created so that their events are encrypted.

Procedure

  1. Click the Admin tab.
  2. Create a TLS log source destination.
    1. Click Data Sources > WinCollect.
    2. In the WinCollect window, click Destinations > Add.
    3. Give the destination a name, and specify the IP address or hostname of the console.
    4. In the Protocol menu, select TCP/TLS (Encrypted).
    5. Paste the certificate, including the BEGIN and END lines.
      Find the self-signed certificate in /opt/qradar/conf/trusted_certificates/syslog-tls.cert.
    6. Click Save.
  3. Create a TLS Syslog log source where the log source type is Universal DSM and the protocol type is TLS Syslog.
    For more information about adding a log source, see Adding a log source to receive events (https://www.ibm.com/docs/en/qradar-common?topic=app-adding-log-source-receive-events).
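
Step 5 requires the full certificate text, including the BEGIN and END lines. The following check for that text is an added example, not IBM code: it confirms that the text holds exactly one complete certificate and returns its SHA-256 fingerprint. The function names are hypothetical and the sample input is a constructed stand-in, not a real certificate.

```python
import base64
import hashlib

# File named in step 5 of the procedure, on the QRadar console.
CERT_PATH = "/opt/qradar/conf/trusted_certificates/syslog-tls.cert"
BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def check_pasted_certificate(text):
    """Return the SHA-256 fingerprint (hex) of the single certificate in text.

    Raises ValueError if text is not exactly one complete PEM certificate.
    """
    if text.count(BEGIN) != 1 or text.count(END) != 1:
        raise ValueError("expected exactly one BEGIN line and one END line")
    start, end = text.index(BEGIN) + len(BEGIN), text.index(END)
    if end < start:
        raise ValueError("END line appears before BEGIN line")
    # b64decode raises binascii.Error, a ValueError subclass, on a damaged body.
    der = base64.b64decode("".join(text[start:end].split()), validate=True)
    # A certificate is one DER SEQUENCE (tag 0x30). Its declared length must
    # equal the decoded size, which catches a paste that lost whole lines.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("body does not start with a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: length in one byte
        header, declared = 2, der[1]
    else:                                  # long form: next n bytes hold length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("malformed DER length")
        header, declared = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + declared != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return hashlib.sha256(der).hexdigest()


def make_constructed_pem(body=b"\x00" * 300):
    """Constructed stand-in with certificate framing; not a real certificate."""
    der = b"\x30\x82" + len(body).to_bytes(2, "big") + body
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"


if __name__ == "__main__":
    with open(CERT_PATH) as fh:
        print(check_pasted_certificate(fh.read()))
```

Run it on the console against the file from step 5, or pass the function the text that was copied into the certificate field and compare the two fingerprints.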