Syslog log source parameters for BeyondTrust PowerBroker
If QRadar does not automatically detect the log source, add a BeyondTrust PowerBroker log source on the QRadar Console by using the Syslog protocol.
When using the Syslog protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect Syslog
events from BeyondTrust PowerBroker:
Parameter | Value |
---|---|
Log Source type | BeyondTrust PowerBroker |
Protocol Configuration | Syslog |
Log Source Identifier | Type a unique IP address or host name. |
Store Event Payload |
Select this check box to enable or disable QRadar from storing the event payload. Automatically discovered log sources use the default value from the Store Event Payload list in the System Settings window, which is accessible on the Admin tab. However, when you create a new log source or update the configuration for an automatically discovered log source, you can override the default value by configuring this check box for each log source. |