Configure the log source in IBM QRadar to get a certificate from Check Point and to receive log information.
Procedure
- Log in to QRadar.
- Click the Admin tab.
- Click Data Sources.
- Click the Log Sources icon, and then click Add.
- Configure the following values:
Table 1. Configuring Check Point log source parameters
| Parameter | Description |
|---|---|
| Log Source Name | The identifier for the log source. |
| Log Source Description | The description is optional. |
| Log Source Type | Select Check Point. |
| Protocol Configuration | Select Syslog. |
| Log Source Identifier | IP address of your SMS. |
| Enabled | Leave this checkbox selected to enable the log source. By default, the checkbox is selected. |
| Credibility | The range is 0 - 10. The credibility indicates the integrity of an event or offense as determined by the credibility rating from the source devices. Credibility increases when multiple sources report the same event. The default is 5. |
| Target Event Collector | From the list, select the Target Event Collector to use as the target for the log source. |
| Coalescing Events | Enables the log source to coalesce (bundle) events. By default, automatically discovered log sources inherit the value of the Coalescing Events list from the System Settings properties in QRadar. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source. |
| Store Event Payload | Enables the log source to store event payload information. By default, automatically discovered log sources inherit the value of the Store Event Payload list from the System Settings properties in QRadar. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source. |
- Click Save.
- On the Admin tab, click Deploy Changes.
Results
If you find that changes are implemented automatically, it's still good practice to click Deploy Changes.
The configuration of the log source is complete.
For more information about configuring log sources, see the IBM QRadar Managing Log Sources Guide.