Create a TLS destination if you want to send encrypted events to IBM® Security QRadar® appliances. For any existing log
sources that are using WinCollect you must
ensure that they use the TLS destination you created so that the events are encrypted.
Procedure
- Click the Admin tab.
- Create a TLS log source destination.
- Click .
- In the WinCollect window, click
.
- Give the destination a name, and specify the IP address or hostname of the console.
- In the Protocol menu, select TCP/TLS
(Encrypted).
- Paste the certificate, including the BEGIN and
END lines.
Find the self-signed certificate in
/opt/qradar/conf/trusted_certificates/syslog-tls.cert.
- Click Save.
- Create a TLS Syslog log source where the log source type is Universal
DSM and the protocol type is TLS Syslog.