Create a log source for near real-time event feed

The Syslog protocol enables IBM® QRadar® to receive System Management Facilities (SMF) events in near real-time from a remote host.

The following DSMs are supported:
  • IBM z/OS
  • IBM DB2®
  • CA Top Secret
  • CA ACF2

If QRadar does not automatically detect the log source, add a log source for your DSM on the QRadar console.

The following table describes the parameters that require specific values for event collection for your DSM:

Table 1. Log source parameters
Parameter Value
Log Source type Select your DSM name from the list.
Protocol Configuration Syslog
Log Source Identifier Type a unique identifier for the log source.