Question & Answer
How do different event log sources compare?
There are many supported log source types in QRadar, ranging from firewalls and authentication devices to scanners, file servers and application platforms.
Your monitoring, audit and security needs will influence the kinds of Log Sources you configure to send events to QRadar. Each Log Source in turn supports a number of protocols that may be used to communicate with QRadar. Amongst the supported protocols are JDBC, Syslog, SNMP, Log File, OPSEC/LEA, TLS-Syslog, Syslog-redirect, UDP multiline and TCP multiline.
Universal DSMs (UDSMs) allow you to add loggers or logging formats to QRadar that are not otherwise supported. A UDSM combined with a Log Source Extension allows users to include additional customized parsing functionality in their QRadar deployments.
Each of these Log Source types provides a different perspective into, and a different type of information about, your network. A firewall will report the number of remote systems trying to get into your network, while a Windows or LDAP authentication server will provide information about local staff members logging into network resources.
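As an added illustration (not from the IBM documentation and not QRadar's own parser), the Python below shows the idea behind a UDSM with a Log Source Extension: one regular expression per source type, with named groups that map two differently formatted event streams onto a common field set, after which a summary yields the two perspectives just described (remote hosts blocked by the firewall, local users seen by the authentication server). The syslog formats, host names, user names and addresses are constructed for the example; the Windows event IDs 4624 and 4625 are the standard successful and failed logon events.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in two made-up device formats (not real output).
SAMPLE_EVENTS = [
    "<134>Jun 16 10:01:02 fw01 kernel: DROP IN=eth0 SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP DPT=22",
    "<134>Jun 16 10:01:05 fw01 kernel: DROP IN=eth0 SRC=203.0.113.46 DST=192.0.2.10 PROTO=TCP DPT=3389",
    "<86>Jun 16 10:02:10 dc01 Security: EventID=4624 User=jdoe Workstation=WS-117 LogonType=2",
    "<86>Jun 16 10:02:12 dc01 Security: EventID=4625 User=jdoe Workstation=WS-117 LogonType=2",
]

# Per-source-type extraction rules. Each rule is a regex whose named groups map
# onto a common field set, which is the same idea a Log Source Extension expresses
# in XML (one matcher per property). The formats are assumed for this example.
SOURCE_RULES = {
    "firewall": re.compile(
        r"\bkernel: (?P<action>DROP|ACCEPT) .*?SRC=(?P<src_ip>[\d.]+) DST=(?P<dst_ip>[\d.]+) "
        r"PROTO=(?P<proto>\w+) DPT=(?P<dst_port>\d+)"
    ),
    "windows_auth": re.compile(
        r"\bSecurity: EventID=(?P<event_id>\d+) User=(?P<user>\S+) "
        r"Workstation=(?P<host>\S+) LogonType=(?P<logon_type>\d+)"
    ),
}


def normalize(line):
    """Return a dict with 'source_type' plus the named fields, or None if no rule matches."""
    for source_type, pattern in SOURCE_RULES.items():
        m = pattern.search(line)
        if m:
            return {"source_type": source_type, **m.groupdict()}
    return None


def summarize(lines):
    """Aggregate normalized events into the two views described in the text.

    Unparsed lines are counted rather than dropped silently, so a format change on
    a device shows up as a rising 'unparsed' figure instead of missing events.
    """
    blocked_hosts = set()
    logins = defaultdict(lambda: {"success": 0, "failure": 0})
    unparsed = 0
    for line in lines:
        ev = normalize(line)
        if ev is None:
            unparsed += 1
            continue
        if ev["source_type"] == "firewall" and ev["action"] == "DROP":
            # Firewall view: which remote systems are being kept out.
            blocked_hosts.add(ev["src_ip"])
        elif ev["source_type"] == "windows_auth":
            # Authentication view: which local users are logging in, and whether it worked.
            if ev["event_id"] == "4624":
                logins[ev["user"]]["success"] += 1
            elif ev["event_id"] == "4625":
                logins[ev["user"]]["failure"] += 1
    return {
        "remote_hosts_blocked": len(blocked_hosts),
        "logins": dict(logins),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

Running the block prints two blocked remote hosts and one local user with one successful and one failed logon; a line in an unknown format is counted under `unparsed`, which is the condition a UDSM or Log Source Extension exists to fix.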
For more information on Log Source types, please refer to the QRadar 7.3.1 DSM Guide.
Where do you find more information?
16 June 2018