Log Source Configuration

This section provides the log source configuration details for Windows and Linux machines.

Log Source Creation for Windows

To create a log source on a Windows machine:

  1. In the Admin tab, click WinCollect to see the WinCollect agent that was created.

  2. Click Add a log source and provide the following information:

    • Log Source Name – Example: Delinea Windows

    • Log Source Description – Example: Delinea Events from 10.0.3.162

    • Log Source Type – Select Delinea Infrastructure Services

    • Protocol Configuration – WinCollect

    • Log Source Identifier – IP address of the machine that is sending events to QRadar. Example: 10.0.3.162

    • Domain – centrify.vms

    • User Name – The user name for the Domain value (such as centrify.vms)

    • Password – The password for the Domain value (such as centrify.vms)

    • Standard Log Types – Click Application

    • WinCollect Agent – Select the WinCollect @ MEMBER agent that you created in WinCollect

    • Coalescing Events – Deselect (uncheck) this option

    • Log Source Extension – Delinea

  3. Click Save.

  4. At the prompt, deploy the changes.

Log Source Creation for Linux

To create a log source on a Linux machine:

  1. Click Add a log source.

  2. Provide the following information:

    • Log Source Name – Example: Delinea Linux

    • Log Source Description – Example: Delinea Linux

    • Log Source Type – Select Delinea Infrastructure Services

    • Protocol Configuration – Syslog

    • Log Source Identifier – IP address of the machine that is sending events to QRadar. Example: 10.0.3.162

    • Coalescing Events – Select (check) this option

    • Log Source Extension – Select Delinea

  3. Click Save.

  4. At the prompt, deploy the changes.