Configure an Akamai Kona log source by using the HTTP Receiver protocol

Collect events from Akamai Kona in QRadar® by using the HTTP Receiver protocol.

Collect events by using the HTTP Receiver Protocol:
  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console:
    • Protocol Common RPM
    • DSMCommon RPM
    • HTTPReceiver Protocol RPM
    • Akamai KONA DSM RPM
  2. Configure your Akamai KONA system to communicate with QRadar. For more information, contact Akamai.
  3. If you plan to configure the log source to use the HTTPs and Client Authentication options, copy the Akamai KONA certificate to the target QRadar Event Collector.
  4. For each Akamai KONA server that you want to integrate, create a log source on the QRadar Console. Configure all the required parameters. Use this table to configure Akamai Kona specific parameters:
    Table 1. Akamai KONA log source parameters
    Parameter Description
    Log source type Akamai KONA
    Protocol Configuration HTTP Receiver
    Client Certificate Path The absolute file path to the client certificate on the target QRadar Event Collector.

    Ensure that the Akamai KONA certificate is already copied to the Event Collector.

    If you select the HTTPs and Client Authentication option from the Communication Type list, the Client Certificate Path parameter is required.
    Listen Port The destination port that is configured on the Akamai KONA system.
    Important: Do not use port 514. Port 514 is used by the standard Syslog listener.
    Message Pattern

    The Message Pattern '\{"type' is for JSON format events.

    For more information about this protocol, see HTTP Receiver protocol configuration options.

    Restriction: This integration requires you to open a non-standard port in your firewall for incoming Akamai connections. Use an internal proxy to route the incoming Akamai connections. Do not point the Akamai data stream directly to the QRadar Console. For more information about opening a non-standard port in your firewall, consult your Network security professionals.