Configuring an undocumented protocol
As an open platform, QRadar® collects and processes event data through multiple integration methods (protocol types). Some protocol types can be configured for a particular log source type but are marked as "undocumented". The DSM Configuration Guide doesn't contain instructions on how to set up event collection for undocumented protocols. IBM® does not offer support with the configuration of log sources that use undocumented protocols because they are not internally tested and documented.
Procedure
- Use SSH to log in to your QRadar Console appliance as a root user.
- Edit the following file: /store/configservices/staging/globalconfig/nva.conf
- Set the EXPOSE_UNDOCUMENTED_PROTOCOLS property value to true.
- Save the file.
- To close the SSH session type exit.
- Log in to the QRadar Console.
- Click the Admin tab.
- Click Deploy Changes. Undocumented protocol options appear in the Protocol Configuration list in the log source Add/Edit window.