Installing SysFlow DSM

You must install SysFlow Device Support Module (DSM) parser in the QRadar to add log sources into QRadar. Using other DSM versions may cause unexpected errors and corrupt source data.

About this task

You can install the DSM through auto-updates or you can upload to QRadar and install it manually.

Procedure

  1. Download the DSM RPM file from IBM Fix Central.
  2. Copy the RPM file to your QRadar Console.
  3. Use SSH to log in to the QRadar host as the root user.
  4. Go to the directory that includes the downloaded file.
  5. Type the following command: 
    rpm -Uvh DSM-SysFlow-7.4-20201124155529.noarch.rpm
  6. From the Admin settings, click Deploy Changes.
  7. From the Admin settings, select Advanced > Restart Web Services.

What to do next

See Installing IBM QRadar content extension for SysFlow.