Hi Joao, sorry for not being to precise but currently I don't have 2 box to test what I'm answering you, and since you're trying the latest version of IBM Verify Identity Access (IVIA), which it's the current name of the product. Just to make sure you're _NOT_ using the SaaS version, correct?
If you're answer it's that you're not using the SaaS version then this should apply.
On IVIA the "Web Reverse Proxy" it's the old "WebSEAL", so any reference to WebSEAL on the IBM documentation should apply, on that case IVIA it's the grandson of Tivoli Access Manager for e-business; so the DSM that you MAY use or you could try to use (from where I would start if I were you) it's this one: https://www.ibm.com/docs/en/dsm?topic=tivoli-access-manager-e-business.
So you need to go into the Web Reverse Proxy and modify the configuration through the UI, basically you will tell WebSEAL to send the events via syslog, there are a LOT of logs that you could enable; requests, administration, authorization, etc. I could imagine that you may be interested in focus on the "request.log" which generate the information of each request that WebSEAL received.
I would suggest that you create a log source on QRadar SIEM manually, do the deploy changes and then try to fit the format to the DSM, and or customer the DSM to match the event format and the mapping.
In case you need more help, just drop your results here.
There is also a logs from the LMI interface (the management UI) and the federation modules, etc. Which are managed differently of what I just explain.
best regards
------------------------------
Juan Paulo
IBM
Santiago
------------------------------
Original Message:
Sent: Mon August 18, 2025 05:54 AM
From: Joao Goncalves
Subject: DSM selection for ISVA 11
Hi
Which DSM should I select to process log events from IBM Security Verify Access?
------------------------------
Joao Goncalves
Pyxis, Lda.
Sintra
+351 91 721 4994
------------------------------