Configuring a Cisco IronPort and Cisco WSA data source by using the Syslog connector

You can configure a data source in IBM® Security QRadar® Log Insights so that the Cisco IronPort Appliance and Cisco Web Security Appliance (WSA) can communicate with QRadar Log Insights by using the Syslog connector.


Configure a Cisco IronPort data source in QRadar Log Insights by using Syslog. The following table describes the Syslog data source parameters that require specific values for retrieving logs from Cisco IronPort and Cisco WSA.
Table 1. Cisco IronPort data source parameters for Syslog
| Parameter | Value |
| --- | --- |
| Data source type | Cisco IronPort |
| Connector type | Syslog |
| Data source identifier | The IPv4 address or host name that identifies the log source. If your network contains multiple devices that are attached to a single management console, specify the IP address of the individual device that created the event. A unique identifier, such as an IP address, prevents event searches from identifying the management console as the source for all of the events. |

For more information about adding a data source in QRadar Log Insights, see Adding ingestion data sources.