Create a log source for near real-time event feed
The Syslog protocol enables IBM QRadar to receive System Management Facilities (SMF) events in near real-time from a remote host.
The following DSMs are supported:
- IBM z/OS
- IBM® CICS®
- IBM RACF®
- IBM DB2®
- CA Top Secret
- CA ACF2
If QRadar does not automatically detect the log source, add a log source for your DSM on the QRadar console.
The following table describes the parameters that require specific values for event collection for your DSM:
Parameter | Value |
---|---|
Log Source type | Select your DSM name from the list. |
Protocol Configuration | Syslog |
Log Source Identifier | Type a unique identifier for the log source. |