NGINX HTTP Server

The IBM® QRadar® DSM for NGINX HTTP Server collects Syslog events from an NGINX HTTP Server device.

To integrate NGINX HTTP Server with QRadar, complete the following steps:
  1. If automatic updates are not enabled, RPMs are available for download from the IBM support website (http://www.ibm.com/support). Download and install the most recent version of the following RPMs on your QRadar Console:
    • Apache HTTP Server DSM RPM
    • NGINX HTTP Server DSM RPM
  2. Configure your NGINX HTTP Server device to send events to QRadar.
  3. If QRadar does not automatically detect the log source, add an NGINX HTTP Server log source on the QRadar Console. The following table describes the parameters that require specific values to collect Syslog events from NGINX HTTP Server:
    Table 1. NGINX HTTP Server Syslog log source parameters
    Parameter Value
    Log Source type NGINX HTTP Server
    Protocol Configuration Syslog
    Log Source Identifier The IPv4 address or host name that identifies the log source. If your network contains multiple devices that are attached to a single management console, specify the IP address of the individual device that created the event. A unique identifier, such as an IP address, prevents event searches from identifying the management console as the source for all of the events.