Create Log Source to collect LEEF data

Ensure that the QRadar Log Source Management app is installed on your QRadar Console.

For more information about installing the app, see Installing the QRadar Log Source Management app.

  1. Open the QRadar Log Source Management app from the QRadar Console.

  2. Click + New Log Source, then click Single Log Source.

  3. On the Select Log Source Type page, select Infoblox Syslog and click Select Protocol Type.

  4. Select the Syslog protocol and click Configure Log Source Parameters.

  5. On the Configure the Log Source parameters page, enter the required log source parameters:

    1. Name: Name of the Log Source to be created.

    2. Extension: Choose the extension InfobloxSyslogCustom_ext.

  6. Make sure to disable Coalescing Events so that events are not grouped on the basis of Source and Destination IP. Click Configure Protocol Parameters to proceed.

  7. On the Configure protocol parameters page, specify the Log Source Identifier for the log source to be created.

Note: The Log Source Identifier must be the host name of the Infoblox portal from which data will be forwarded to QRadar. The Log Source Identifier should not contain spaces. For example, if the host name is “ZTP QRadar 1234”, specify the Log Source Identifier as “ZTPQRadar1234”.

  8. Click Finish and close the Log Source Management app.

Note

  1. Make sure you deploy the changes after creating a log source.

  2. The QRadar DSM accepts data from the Infoblox data connector only in the LEEF format. Make sure to forward data in the LEEF format.
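
As an added example (not Infoblox or IBM code), the following Python check can be run against a captured syslog line to confirm that the payload is LEEF and that the syslog host field equals the Log Source Identifier derived as in the note above. The RFC 3164-style framing, the comparison against the header host field, and all sample vendor, product and attribute values are assumptions constructed for illustration.

```python
import re

# Assumed RFC 3164-style framing: "<PRI>Mmm dd hh:mm:ss HOST LEEF:..."
SYSLOG_RE = re.compile(
    r"^(?:<\d{1,3}>)?[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} "
    r"(?P<host>\S+) (?P<body>.*)$", re.S)

def log_source_identifier(host_name):
    """Host name with all whitespace removed (Log Source Identifier rule)."""
    return "".join(host_name.split())

def parse_leef(body):
    """Return (header, attrs) for a LEEF 1.0/2.0 payload or raise ValueError."""
    if not body.startswith("LEEF:") or "|" not in body:
        raise ValueError("payload is not LEEF")
    version = body[5:body.index("|")]
    if version not in ("1.0", "2.0"):
        raise ValueError("unsupported LEEF version " + repr(version))
    want = 6 if version == "1.0" else 7  # LEEF 2.0 adds a delimiter field
    parts = body.split("|", want - 1)
    if len(parts) != want or not all(parts[1:5]):
        raise ValueError("LEEF header needs Vendor|Product|Version|EventID")
    delim = parts[5] if version == "2.0" and parts[5] else "\t"
    if len(delim) > 1:  # hex form such as x5E or 0x5E
        delim = chr(int(delim[delim.index("x") + 1:], 16))
    attrs = dict(kv.split("=", 1) for kv in parts[-1].split(delim) if "=" in kv)
    return dict(zip(("vendor", "product", "version", "event_id"), parts[1:5])), attrs

def check_event(line, identifier):
    """Reasons the line would not suit the log source; an empty list means OK."""
    m = SYSLOG_RE.match(line)
    if not m:
        return ["no syslog header"]
    problems = []
    if m.group("host") != identifier:
        problems.append("syslog host %r != Log Source Identifier %r"
                        % (m.group("host"), identifier))
    try:
        parse_leef(m.group("body"))
    except ValueError as exc:
        problems.append(str(exc))
    return problems

# Constructed sample lines; vendor, product and attributes are placeholders.
IDENT = log_source_identifier("ZTP QRadar 1234")
GOOD = ("<134>Jan 12 10:15:02 ZTPQRadar1234 LEEF:1.0|ExampleVendor|"
        "ExampleProduct|1.0|DNS_QUERY|src=10.0.0.5\tdst=10.0.0.53")
BAD_HOST = GOOD.replace("ZTPQRadar1234", "ztp-host")
NOT_LEEF = "<134>Jan 12 10:15:02 ZTPQRadar1234 CEF:0|ExampleVendor|X|1.0|1|q|5|"
```

Calling `check_event(line, IDENT)` on a captured line returns an empty list when both checks pass, and one message per failed check otherwise.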
