Radware AppWall

The IBM® QRadar® DSM for Radware AppWall collects logs from a Radware AppWall appliance.

The following table describes the specifications for the Radware AppWall DSM:
Table 1. Radware AppWall DSM specifications
Specification Value
Manufacturer Radware
DSM name Radware AppWall
RPM file name DSM-RadwareAppWall-QRadar_version-build_number.noarch.rpm
Supported versions 6.5.2


Protocol Syslog
Recorded event types






Automatically discovered? Yes
Includes identity? No
Includes custom properties? No
More information For more information, see the Radware link to public site website (https://www.radware.com).
To integrate Radware AppWall with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download and install the most recent version of the Radware AppWall DSM RPM from the IBM Support Website onto your QRadar Console:
  2. Configure your Radware AppWall device to send logs to QRadar.
  3. If QRadar does not automatically detect the log source, add a Radware AppWall log source on the QRadar Console. The following table describes the parameters that require specific values for Radware AppWall event collection:
    Table 2. Radware AppWall log source parameters
    Parameter Value
    Log Source type Radware AppWall
    Protocol Configuration Syslog
Important: Your RadWare AppWall device might have event payloads that are longer than the default maximum TCP Syslog payload length of 4096 bytes. This overage can result in the event payload being split into multiple events by QRadar. To avoid this behavior, increase the maximum TCP Syslog payload length. To optimize performance, start by configuring the value to 8192 bytes. The maximum length for RadWare AppWall events is 14,019 bytes.

The maximum QRadar syslog payload size is 32,000 bytes. For more information about increasing the QRadar maximum payload size, see QRadar: TCP and UDP Syslog Maximum Payload Message Length for QRadar Appliances (https://www.ibm.com/support/pages/qradar-tcp-and-udp-syslog-maximum-payload-message-length-qradar-appliances).

You can verify that QRadar is configured to receive events from your Radware AppWall device when you complete Step 6 of the Configuring Radware AppWall to communicate with QRadar procedure.