If you are using a Forcepoint V-Series appliance, contact Forcepoint Technical Support to
enable this feature.
Procedure
- Log in to the command-line interface (CLI) of the server running Forcepoint Content Gateway.
- Add the following lines to the end of the /etc/rc.local file:

    ( while [ 1 ] ; do
    tail -n1000 -F /opt/WCG/logs/leef.log | nc <IP Address> 514
    sleep 1
    done
    ) &

  Where <IP Address> is the IP address for IBM® QRadar®.
- To start logging immediately, type the following command:

    nohup /bin/bash -c "while [ 1 ] ; do tail -F /opt/WCG/logs/leef.log | nc <IP Address> 514; sleep 1; done" &
The configuration is complete. The log source is added to QRadar as syslog events from
Forcepoint V-Series Content Gateway are automatically discovered. Events forwarded by Forcepoint
V-Series Content Gateway are displayed on the Log Activity tab of QRadar.
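
The following is an added example, not part of the original procedure or of Forcepoint or IBM tooling. It shows one way to script the /etc/rc.local step so that the QRadar address is validated before it is written into a boot script that runs as root, and so that re-running the step does not start a second forwarder. The marker comment and the function names valid_ipv4 and install_forwarder are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotently append the leef.log forwarder to an rc.local-style file.
# MARKER and both function names are assumptions of this example, not Forcepoint conventions.
MARKER="# forcepoint-leef-forwarder (added example marker)"

# Accept only a dotted-quad IPv4 address with each octet in 0..255.
# Anything else (spaces, ';', '$', hostnames) is rejected so that no
# shell metacharacter can reach the root-run boot script.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# install_forwarder <rc_file> <qradar_ip>
# Returns 0 if the block was appended, 1 if it was already present,
# 2 if the address is invalid or the file does not exist.
install_forwarder() {
    rc_file=$1; qradar_ip=$2
    valid_ipv4 "$qradar_ip" || return 2
    [ -f "$rc_file" ] || return 2
    if grep -qF -- "$MARKER" "$rc_file"; then
        return 1
    fi
    # Same loop as in the procedure, with the validated address filled in.
    cat >> "$rc_file" <<EOF
$MARKER
( while [ 1 ] ; do
tail -n1000 -F /opt/WCG/logs/leef.log | nc $qradar_ip 514
sleep 1
done
) &
EOF
    return 0
}
```

Call it as `install_forwarder /etc/rc.local <IP Address>`, then check the result with `sh -n /etc/rc.local` before rebooting.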