Configuring a Pulse Secure Pulse Connect Secure device to send syslog events to QRadar

To forward syslog events to QRadar, you need to configure syslog server information for events, user access, administrator access and client logs on your Pulse Secure Pulse Connect Secure device.

Procedure

  1. Log in to your Pulse Secure Pulse Connect Secure device administration user interface on the web:

    https://<IP_address>/admin

  2. Configure syslog server information for events.
    1. Click System > Log/Monitoring > Events > Settings.
    2. From the Select Events to Log section, select the events that you want to log.
    3. In the Server name/IP field, type the name or IP address of the syslog server.
    4. Click Add, and then click Save Changes.
  3. Configure syslog server information for user access.
    1. Click System > Log/Monitoring > User Access > Settings.
    2. From the Select Events to Log section, select the events that you want to log.
    3. In the Server name/IP field, type the name or IP address of the syslog server.
    4. Click Add, and then click Save Changes.
  4. Configure syslog server information for administrator access.
    1. Click System > Log/Monitoring > Admin Access > Settings.
    2. From the Select Events to Log section, select the events that you want to log.
    3. In the Server name/IP field, type the name or IP address of the syslog server.
    4. Click Add, and then click Save Changes.
  5. Configure syslog server information for client logs.
    1. Click System > Log/Monitoring > Client Logs > Settings.
    2. From the Select Events to Log section, select the events that you want to log.
    3. In the Server name/IP field, type the name or IP address of the syslog server.
    4. Click Add, and then click Save.

Results

You are now ready to configure a log source in QRadar.