Pulling Data when you use the Log File Protocol
You can configure IBM® i as the log source, and to use the log file protocol in IBM QRadar®:
- To configure QRadar to receive events from an IBM i system, you must select the IBM i option from the Log Source Type list when you add a log source in QRadar.
To configure the log file protocol for the IBM i DSM, you must select the Log
File option from the Protocol Configuration list and define the
location of your FTP server connection settings.
Note: If you are using the PowerTech Interact or LogAgent for System i® software to collect CEF formatted syslog messages, you must select the Syslog option from the Protocol Configuration list.
- Use the log file protocol option that you select a secure protocol for transferring files, such as Secure File Transfer Protocol (SFTP).
For a complete list of Log File protocol parameter options, see Log File protocol configuration options.