Configuring a remote syslog in Arbor Networks Peakflow SP

To collect events, you must configure a new notification group or edit existing groups to add IBM® QRadar® as a remote syslog destination.

1. Log in to your Peakflow SP configuration interface as an administrator.
2. In the navigation menu, select Administration > Notification > Groups.
3. Click Add Notification Group.
4. In the Destinations field, type the IP address of your QRadar system.
5. In the Port field, type 514 as the port for your syslog destination.
6. From the Facility list, select a syslog facility.
7. From the Severity list, select info.

   The informational severity collects all event messages at the informational event level and higher severity.

8. Click Save.
9. Click Configuration Commit.