IBM Support

QRadar: Snare hostname in syslog header and log source name

Question & Answer


How does QRadar determine the Log Source identifier of Snare events?


QRadar looks for an IP address or hostname in the syslog header. You can configure Snare to insert the desired IP address or hostname with the following process:

  • Open Snare for Windows, select Network Configuration, and set "Override detected DNS Name with" to the desired IP address or hostname.
  • Snare then uses this value in the syslog header.
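To check which value an agent is actually placing in the header before and after the override, the following added example (not IBM or Snare code, and not QRadar's own parsing logic) extracts the host field from captured syslog lines and counts the distinct identifiers. It assumes an RFC 3164-style header of the form `<PRI>Mmm dd hh:mm:ss HOST`; the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed RFC 3164-style header: <PRI>Mmm dd hh:mm:ss HOST message
HEADER = re.compile(
    r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (?P<host>\S+) "
)


def header_identifier(line):
    """Return (identifier, kind) taken from the syslog header of one line."""
    m = HEADER.match(line)
    if m is None:
        # No recognizable header, so there is no host field to key on.
        return None, "no-header"
    host = m.group("host")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return host, "hostname"
    return host, "ip"


def summarize(lines):
    """Count how many lines carry each distinct header identifier."""
    return Counter(header_identifier(line) for line in lines)


# Constructed sample lines (payload abbreviated, not real events).
# The first two show one machine sending a short name and an FQDN,
# the next two show the same agent after overriding with an IP address.
SAMPLE = [
    "<13>Jun 16 10:15:01 DC01 MSWinEventLog\t1\tSecurity\t101\tconstructed",
    "<13>Jun 16 10:15:02 dc01.example.test MSWinEventLog\t1\tSecurity\t102\tconstructed",
    "<13>Jun 16 10:20:00 192.0.2.10 MSWinEventLog\t1\tSecurity\t103\tconstructed",
    "<13>Jun 16 10:20:05 192.0.2.10 MSWinEventLog\t1\tSecurity\t104\tconstructed",
    "MSWinEventLog\t1\tSecurity\t105\tconstructed",
]

if __name__ == "__main__":
    for (ident, kind), count in summarize(SAMPLE).items():
        print(f"{count:3d}  {kind:9s}  {ident}")
```

More than one identifier for a single machine in the summary means its events would be keyed on different header values, which is the situation the override setting is meant to remove.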


Document Information

Modified date: 16 June 2018