You can integrate an HPE Tandem device with IBM® QRadar®. An HPE Tandem device accepts SafeGuard Audit file events by using a log file protocol source.
About this task
A log file protocol source allows QRadar to retrieve archived log files from a remote host. The HPE Tandem DSM supports the bulk loading of log files by using the log file protocol source.
When you configure your HPE Tandem device to use the log file protocol, ensure that the hostname or IP address that is configured in the HPE Tandem device and in the Remote Host parameter are the same.
The SafeGuard Audit file names use the following format:
Annnnnnn
The single alphabetic character A is followed by a seven-digit decimal number nnnnnnn, which increments by 1 each time a name is generated in the same audit pool.
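The following added example (not part of the IBM or HPE documentation) checks a listing of SafeGuard Audit file names against the format described above and reports counters that are missing from the sequence, which helps confirm that every archived file in an audit pool was retrieved. The sample listing is constructed, the function names are hypothetical, and the check assumes that the counter does not wrap within the listing.

```python
import re

# Pattern derived from the format described above: the letter A followed by
# exactly seven decimal digits (ASCII digits only).
AUDIT_NAME = re.compile(r"A([0-9]{7})")


def parse_sequence(name):
    """Return the seven-digit counter as an int, or None if the name does not fit."""
    m = AUDIT_NAME.fullmatch(name.strip())
    return int(m.group(1)) if m else None


def check_audit_pool(names):
    """Classify a file listing taken from one audit pool.

    Returns (valid, rejected, missing):
      valid    - names that fit the format, sorted by counter
      rejected - names that do not fit the format
      missing  - names expected between the lowest and highest counter
                 that are absent from the listing
    """
    seen = {}
    rejected = []
    for name in names:
        seq = parse_sequence(name)
        if seq is None:
            rejected.append(name)
        else:
            seen[seq] = name.strip()
    valid = [seen[s] for s in sorted(seen)]
    missing = []
    if seen:
        # The counter increments by 1 per generated name, so any hole in the
        # range is a file that was generated but is not in this listing.
        missing = [f"A{s:07d}" for s in range(min(seen), max(seen) + 1)
                   if s not in seen]
    return valid, rejected, missing


# Constructed sample listing (not taken from a real system).
SAMPLE_LISTING = ["A0000123", "A0000124", "A0000127", "A000126", "B0000125"]

if __name__ == "__main__":
    valid, rejected, missing = check_audit_pool(SAMPLE_LISTING)
    print("valid:   ", valid)
    print("rejected:", rejected)
    print("missing: ", missing)
```

A non-empty missing list is a prompt to check whether the file was archived elsewhere or removed before retrieval.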
You are now ready to configure the log source and protocol in QRadar.
- From the Log Source Type list, select HP Tandem.
- To configure the log file protocol, from the Protocol Configuration list, select Log File.
- From the Event Generator list, select HPTANDEM.
Note: Your system must be running the current version of the log file protocol to integrate with an HPE Tandem device:
For more information about HPE Tandem, see your vendor documentation.
For more information about configuring the Log File protocol in QRadar, see Log File protocol configuration options.