Syslog log source parameters for BeyondTrust PowerBroker

If QRadar does not automatically detect the log source, add a BeyondTrust PowerBroker log source on the QRadar Console by using the Syslog protocol.

When using the Syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Syslog events from BeyondTrust PowerBroker:
Table 1. Syslog log source parameters for the BeyondTrust PowerBroker DSM
Parameter Value
Log Source type BeyondTrust PowerBroker
Protocol Configuration Syslog
Log Source Identifier Type a unique IP address or host name.
Store Event Payload

Select this check box to enable or disable QRadar from storing the event payload.

Automatically discovered log sources use the default value from the Store Event Payload list in the System Settings window, which is accessible on the Admin tab. However, when you create a new log source or update the configuration for an automatically discovered log source, you can override the default value by configuring this check box for each log source.