You can encrypt the syslog traffic that is sent to QRadar® by configuring the WinCollect destination to use a Transport Layer Security (TLS) certificate.
Procedure

1. In the WinCollect Configuration Console, expand the Destinations parameter.
2. Right-click Syslog TCP, and click Add New Destination.
3. In the New Destination Name field, add a name for the destination, and click OK.
   Tip: Use a destination name that includes the IP address, such as "<Managed_Host>_1.2.3.4". If you need to edit the log source and change a destination in the future, this destination name helps you determine the IP address for the destination.
4. Expand Syslog TCP, and select the destination that you added in step 3 to view the Properties window.
5. Define the Name and Hostname.
6. Change the Port to 6514, and set the Throttle rate.
7. Copy and paste the TLS certificate for the new destination in the Certificate field.
   Note: Make sure that you include the "-----BEGIN CERTIFICATE-----" and the "-----END CERTIFICATE-----" when you copy the TLS certificate.
8. Click Deploy Changes under the Actions pane.
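
A check to run on the copied text before it goes into the Certificate field, as an added example that is not part of the original procedure or of IBM's tooling: it confirms that exactly one BEGIN/END marker pair is present, that the body is valid base64, and that it decodes to one complete DER structure, then returns a SHA-256 fingerprint to compare against the certificate at its source. The function names and the 5-byte `SAMPLE_DER` placeholder (not a real certificate) are constructed for illustration, and the check assumes a single certificate is pasted, as the step describes.

```python
import base64
import binascii
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def der_length_ok(der):
    """True if the bytes are exactly one DER SEQUENCE, which is how a certificate is framed."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long form: low 7 bits = number of length bytes
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def check_certificate_text(text):
    """Return (problems, sha256_hex) for text about to be pasted into the Certificate field."""
    problems = []
    if text.count(BEGIN) != 1:
        problems.append("expected exactly one BEGIN CERTIFICATE line")
    if text.count(END) != 1:
        problems.append("expected exactly one END CERTIFICATE line")
    if problems:
        return problems, None
    body = text[text.index(BEGIN) + len(BEGIN):text.index(END)]
    try:
        der = base64.b64decode(re.sub(r"\s+", "", body), validate=True)
    except binascii.Error:
        return ["text between the markers is not valid base64"], None
    if not der_length_ok(der):
        return ["decoded data is not one complete DER structure (truncated copy?)"], None
    return [], hashlib.sha256(der).hexdigest()

# Constructed placeholder: a 5-byte DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = f"{BEGIN}\n{base64.encodebytes(SAMPLE_DER).decode()}{END}\n"

if __name__ == "__main__":
    print(check_certificate_text(SAMPLE_PEM))
    print(check_certificate_text("MAMCAQE=\n"))   # markers were not copied
```

An empty problem list means the text is structurally intact; it does not establish that the certificate is the one the destination expects, which is what the fingerprint comparison is for.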