IBM Support

QRadar: How to set up a report to identify which Log Sources trigger Syslog event timeout message

How To


Summary

The "Syslog event timeout" setting cannot be configured per log source type. However, you can identify the log sources that are not sending data by configuring a daily report.

Steps

Configure the report so that its time frame matches the Syslog Event Timeout (minutes) value in System Settings.
  1. Log in to the QRadar UI as Administrator.
  2. On the navigation menu, click the Report tab.
  3. Click the Actions button and select Create.
  4. In the Report Wizard, select the time period you want to report on > click Next.
  5. Select scheduled to generate the report > click Next.
  6. Select a Layout > click Next.
  7. Enter a Report Title and set Chart Type to Log Source.
  8. Create a Chart Title.
  9. In the Log Sources section, select the log sources you want to report on. (You can select the All log sources check box.)
  10. Scroll to the Data Options field at the bottom of the window, select the "Only include log sources that have not reported for" check box, and set the time frame to match the Syslog Event Timeout threshold configured in System Settings.
  11. Click Save Container Details > click Next.
  12. Review the layout > click Next.
  13. Select the report format > click Next.
  14. Select the report distribution channel > click Next.
  15. Create a report description > click Next.
  16. On the Report Summary page, click Finished.
Result: You have a report identifying the Log Sources that trigger the Syslog event timeout message.

Additional Information

Document Location

Worldwide


Document Information

Modified date:
04 February 2021

UID

ibm16411006