Syslog log source parameters for Cisco Wireless LAN Controllers
If QRadar does not automatically detect the log source, add a Cisco Wireless LAN Controller log source on the QRadar Console by using the syslog protocol.
When using the syslog protocol, there are specific parameters that you must use.
Parameter | Value |
---|---|
Log Source type | Cisco Wireless LAN Controllers |
Protocol Configuration | Syslog |
Log Source Identifier | Type the IP address or host name for the log source. The identifier helps you determine which events came from your Cisco Wireless LAN Controller. |
Enabled | Select the Enabled check box to enable the log source. By default, the check box is selected. |
Credibility | From the list, select the credibility of the log source. The range is 0 - 10. The credibility indicates the integrity of an event or offense as determined by the credibility rating from the source devices. Credibility increases if multiple sources report the same event. The default is 5. |
Target Event Collector | From the list, select the Target Event Collector to use as the target for the log source. |
Coalescing Events | Select this check box to enable the log source to coalesce (bundle) events. Automatically discovered log sources use the default value that is configured in the Coalescing Events drop-down list in the QRadar Settings window on the Admin tab. However, when you create a new log source or update the configuration for an automatically-discovered log source, you can override the default value by configuring this check box for each log source. For more information on settings, see the IBM QRadar Administration Guide. |
Incoming Event Payload | From the list, select the incoming payload encoder for parsing and storing the logs. |
Store Event Payload | Select this check box to enable or disable QRadar from storing the event
payload. Automatically discovered log sources use the default value from the Store Event Payload drop-down list in the QRadar Settings window on the Admin tab. However, when you create a new log source or update the configuration for an automatically discovered log source that you can override the default value by configuring this check box for each log source. |