Configuring a Cisco IronPort and Cisco WSA data source by using the Syslog connector
You can configure a data source in IBM® Security QRadar® Log Insights so that the Cisco IronPort Appliance and Cisco Web Security Appliance (WSA) can communicate with QRadar Log Insights by using the Syslog connector.
Procedure
Configure a Cisco IronPort data source in QRadar Log
Insights by using
Syslog. The following table describes the Syslog data source parameters
that require specific values for retrieving logs from Cisco IronPort and Cisco WSA.
| Parameter | Value |
|---|---|
| Data source type | Cisco IronPort |
| Connector type | Syslog |
| Data source identifier | The IPv4 address or host name that identifies the log source. If your network contains multiple devices that are attached to a single management console, specify the IP address of the individual device that created the event. A unique identifier, such as an IP address, prevents event searches from identifying the management console as the source for all of the events. |
For more information about adding a data source in QRadar Log Insights, see Adding ingestion data sources.