Configure the PCAP Syslog Protocol

The Juniper SRX Series appliance supports forwarding of packet capture (PCAP) and syslog data to IBM QRadar.

Syslog data is forwarded to QRadar on port 514. The IP address and outgoing PCAP port number are configured on the Juniper Networks SRX Series appliance interface. To forward PCAP data, the destination must be configured on the Juniper Networks SRX Series appliance in the following format:

<IP Address>:<Port>

Where,

  • <IP Address> is the IP address of QRadar.
  • <Port> is the outgoing port number for the PCAP data.

Note: QRadar supports receiving PCAP data only from a single Juniper Networks SRX Series appliance for each event collector.

For more information about configuring packet capture, see your Juniper Networks Junos OS documentation.

You are now ready to configure the new Juniper Networks SRX Log Source with PCAP protocol in QRadar.

Note: The RPM name for PCAP Protocol is now PCAPSyslog Protocol:
RPM Name: PROTOCOL-PCAPSyslog-<QRadar_version-Build_number>.noarch.rpm