Configuring a Cisco IronPort and Cisco WSA log source by using the Syslog protocol
You can configure a log source on the QRadar® Console so that the Cisco IronPort Appliance and Cisco Web Security Appliance (WSA) can communicate with QRadar by using the Syslog protocol.
Procedure
Configure a Cisco IronPort log source on the QRadar Console by using Syslog.
The following tables describe the Syslog log source parameters that require specific values for
retrieving logs from Cisco IronPort and Cisco WSA.
| Parameter | Value |
|---|---|
| Log Source type | Cisco IronPort |
| Protocol Configuration | Syslog |
| Log Source Identifier | The IPv4 address or host name that identifies the log source. If your network contains multiple devices that are attached to a single management console, specify the IP address of the individual device that created the event. A unique identifier, such as an IP address, prevents event searches from identifying the management console as the source for all of the events. |