HTTP Receiver log source parameters for IBM Security Trusteer
If QRadar® does not automatically detect the log source, add a IBM® Security Trusteer® log source on the QRadar Console by using the HTTP Receiver protocol.
When using the HTTP Receiver protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect HTTP Receiver events from IBM Security Trusteer:
|Log Source type||IBM Security Trusteer|
|Protocol Configuration||HTTP Receiver|
|Log Source Identifier||The IP address, hostname, or any name to identify the device.
The name must be unique for the log source type.
The port that is used by QRadar to accept incoming HTTP Receiver events. The port must match the port that is configured on your IBM Security Trusteer device. The default port is 12469.
Important: Do not use port 514. Port 514 is used by the standard Syslog listener.
For a complete list of HTTP Receiver protocol parameters and their values, see HTTP Receiver protocol configuration options.