Configuring syslog for Damballa Failsafe

To collect events, you must configure your Damballa Failsafe device to forward syslog events to IBM QRadar.

Procedure

  1. Log in to your Damballa Failsafe Management Console.
  2. From the navigation menu, select Setup > Integration Settings.
  3. Click the QRadar tab.
  4. Select Enable Publishing to IBM QRadar.
  5. Configure the following options:
    • Hostname - Type the IP address or Fully Qualified Name (FQN) of your QRadar Console.
    • Destination Port - Type 514. By default, QRadar uses port 514 as the port for receiving syslog events.
    • Source Port - This input is not a requirement. Type the Source Port your Damballa Failsafe device uses for sending syslog events.
  6. Click Save.

    The configuration is complete. The log source is added to QRadar as Damballa Failsafe events are automatically discovered. Events that are forwarded by Damballa Failsafe are displayed on the Log Activity tab of QRadar.