To collect events, you must configure your Damballa Failsafe device to forward syslog
events to IBM
QRadar.
Procedure
-
Log in to your Damballa Failsafe Management Console.
-
From the navigation menu, select .
-
Click the QRadar
tab.
-
Select Enable Publishing to
IBM
QRadar.
-
Configure the following options:
- Hostname - Type the IP address or Fully Qualified Name (FQN) of your QRadar
Console.
- Destination Port - Type 514. By default, QRadar uses port 514 as the port
for receiving syslog events.
- Source Port - This input is not a requirement. Type the Source Port your
Damballa Failsafe device uses for sending syslog events.
-
Click Save.
The configuration is complete. The log source is added to QRadar as Damballa Failsafe events
are automatically discovered. Events that are forwarded by Damballa Failsafe are displayed on the
Log Activity tab of QRadar.