Configuring the log source

SNS firewalls send their logs to IBM QRadar over the syslog protocol.

1. Log in to your IBM QRadar console.
2. In the Admin menu, select Log Source.
3. Click on Add.
4. Fill in the form to create the Log Source:

• Log Source Name field: enter a name for your new log source (e.g.: Stormshield SNS device).
• Log Source description field: enter a description of your new log source.
• Protocol Configuration field: select Syslog.
• Log Source Identifier field: enter the host name of your SNS firewall.
  If no host name has been defined on your firewall, enter its serial number (e.g.: VMSNSX0000000A1).
• Log Source Extension field: selectStormshieldNeworkSecurityCustom_ext.

5. Click on Save.