Arbor Networks Peakflow SP
IBM QRadar can collect and categorize syslog and TLS syslog events from Arbor Networks Peakflow SP appliances that are in your network.
Arbor Networks Peakflow SP appliances store the syslog events locally.
To collect local syslog events, you must configure your Peakflow SP appliance to forward the syslog events to a remote host. QRadar automatically discovers and creates log sources for syslog events that are forwarded from Arbor Networks Peakflow SP appliances. QRadar supports syslog events that are forwarded from Peakflow V5.8 to V8.1.2.
To configure Arbor Networks Peakflow SP, complete the following steps:
- On your Peakflow SP appliance, create a notification group for QRadar.
- On your Peakflow SP appliance, configure the global notification settings.
- On your Peakflow SP appliance, configure your alert notification rules.
- If automatic updates are not enabled for QRadar, RPMs are available for
download from the IBM® support website. Download and install the most recent
version of the following RPMs on your QRadar
Console.
- DSMCommon RPM
- Arbor Networks Peakflow SP DSM RPM
- Configure your Arbor Networks Peakflow SP appliance to send syslog or TLS syslog events to QRadar.
- If QRadar does not
automatically detect the log source, add an Arbor Networks Peakflow SP log source on the QRadar
Console. The following tables describe
the parameters that require specific values to collect events from Arbor Networks Peakflow SP:
Table 1. Arbor Networks Peakflow SP log source parameters Parameter Value Log Source type Arbor Networks Peakflow SP Protocol Configuration Select Syslog or TLS Syslog Log Source Identifier Type a unique name for the log source.