Configuring the SNS firewall to send logs to IBM QRadar

1. Log in to the web administration interface of your SNS firewall.
2. Go to Configuration > Notifications > Logs - Syslog - IPFIX > SYSLOG tab.
3. Edit one of the four available SYSLOG profiles.
4. Name field: enter a custom name for this profile.
5. Syslog server field: select or create a network object representing the IBM QRadar machine.
6. Protocol field: select UDP.
7. Port field: select syslog.
8. Format field: select RFC5424.
9. In Advanced properties > Logs enabled, select the log categories to be sent to IBM QRadar.
10. Click on Apply.
11. Double-click in a profile’s Status cell to enable it.
    

The installation is complete – the SNS firewall’s logs will be redirected to the IBM QRadar platform.