Log source detection

IBM QRadar automatically detects log sources that send syslog messages to an Event Collector.

Log sources are detected when QRadar receives a specific number of identifiable syslog messages. The traffic analysis component processes syslog messages, identifies the DSMs that are installed on the system, and then assigns the appropriate DSM to the log source. Automatically discovered log sources are displayed in the Log Sources window.

QRadar might not automatically detect log sources that have low activity levels. You must add these devices manually.
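
One way to find devices that are likely to need manual addition is to count well-formed syslog messages per sending host in a capture taken on the collector's network path. This is an added example, not IBM code. The threshold `ASSUMED_MIN_MESSAGES`, the host names, and the sample lines are constructed assumptions, and the script checks only the syslog header format, not whether a DSM would recognize the message.

```python
import re
from collections import Counter

# Assumed threshold for illustration only: the page does not state how many
# messages QRadar needs before it auto-detects a log source.
ASSUMED_MIN_MESSAGES = 5

# RFC 3164 style header: "<PRI>Mmm dd hh:mm:ss HOST message"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s"
    r"(?P<msg>.*)$"
)

# Constructed sample capture (not real traffic): fw01 is busy, sw02 is quiet,
# and one line is not syslog at all.
SAMPLE_LINES = (
    [f"<134>Mar  3 10:00:{i:02d} fw01 kernel: DROP IN=eth0 SRC=192.0.2.{i}"
     for i in range(6)]
    + [
        "<38>Mar  3 10:01:00 sw02 sshd[411]: Accepted publickey for admin",
        "<38>Mar  3 10:07:12 sw02 sshd[411]: session closed for admin",
        "not a syslog line",
    ]
)

def count_by_source(lines):
    """Return (Counter of messages per host, number of unparseable lines)."""
    counts, unparsed = Counter(), 0
    for line in lines:
        m = SYSLOG_RE.match(line.strip())
        # PRI = facility * 8 + severity, so valid values are 0..191.
        if m and int(m.group("pri")) <= 191:
            counts[m.group("host")] += 1
        else:
            unparsed += 1
    return counts, unparsed

def low_activity_sources(lines, expected_hosts, min_messages=ASSUMED_MIN_MESSAGES):
    """Hosts from the inventory that sent fewer than min_messages (or none)."""
    counts, _ = count_by_source(lines)
    return sorted(h for h in expected_hosts if counts.get(h, 0) < min_messages)

if __name__ == "__main__":
    inventory = ["fw01", "sw02", "printer03"]  # hypothetical asset list
    for host in low_activity_sources(SAMPLE_LINES, inventory):
        print(f"{host}: candidate for manual log source configuration")
```

Comparing against an inventory rather than only the observed senders also surfaces devices that sent nothing during the capture window.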

Important: DSMs are used to interpret log source data. To receive log source data, you must ensure that the correct DSMs are installed in QRadar.

For more information about automatically detecting or manually adding log sources, see the IBM QRadar DSM Configuration Guide.