Configuring the SNS firewall to send logs to IBM QRadar

  1. Log in to the web administration interface of your SNS firewall.
  2. Go to Configuration > Notifications > Logs - Syslog - IPFIX > SYSLOG tab.
  3. Edit one of the four available SYSLOG profiles.
  4. Name field: enter a custom name for this profile.
  5. Syslog server field: select or create a network object representing the IBM QRadar machine.
  6. Protocol field: select UDP.
  7. Port field: select syslog.
  8. Format field: select RFC5424.
  9. In Advanced properties > Logs enabled, select the log categories to be sent to IBM QRadar.
  10. Click Apply.
  11. Double-click the profile’s Status cell to enable it.

The installation is complete – the SNS firewall’s logs will be redirected to the IBM QRadar platform.
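
UDP gives the firewall no delivery acknowledgement, so it is worth checking on the receiving side that datagrams arrive and really are RFC 5424 (steps 6 to 8). The following is an added example, not part of the Stormshield or IBM documentation: it parses each datagram's RFC 5424 header and flags anything else, such as a legacy BSD-style (RFC 3164) message. It assumes the syslog port object is the standard 514/UDP and that it runs with sufficient privileges on a test host standing in for the collector; the sample messages are constructed, not real SNS output.

```python
import re
import socket

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2}) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$",
    re.DOTALL,
)

def parse_rfc5424(datagram: bytes) -> dict:
    """Return the header fields of one RFC 5424 datagram, or raise ValueError."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\n")
    m = RFC5424.match(text)
    if m is None:
        raise ValueError("not RFC 5424 (check the profile's Format field)")
    fields = m.groupdict()
    pri = int(fields.pop("pri"))
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        raise ValueError("PRI out of range")
    fields["facility"], fields["severity"] = divmod(pri, 8)
    fields["msg"] = (fields["msg"] or "").lstrip("\ufeff")  # drop optional BOM
    return fields

def listen(port: int = 514, count: int = 5, bind: str = "0.0.0.0"):
    """Receive `count` datagrams; return (source IP, parsed fields or error text)."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        for _ in range(count):
            data, (src, _) = sock.recvfrom(65535)
            try:
                results.append((src, parse_rfc5424(data)))
            except ValueError as exc:
                results.append((src, str(exc)))
    return results

# Constructed samples (hypothetical host and application names, not SNS output).
SAMPLE_5424 = (b"<134>1 2024-01-15T10:22:31+01:00 fw-example example-app - - - "
               b"constructed test message")
SAMPLE_3164 = b"<134>Jan 15 10:22:31 fw-example example-app: constructed test message"
SAMPLE_SD = b'<13>1 2024-01-15T10:22:31Z fw-example example-app 123 ID47 [ex@32473 k="v"] hello'
```

Calling `listen()` and comparing the source addresses it returns with the firewall's address also shows whether the selected log categories are actually being emitted.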