IBM QRadar


Kaspersky Security Center SYSLOG creates many log sources

  • 1.  Kaspersky Security Center SYSLOG creates many log sources

    Posted Tue November 17, 2020 10:57 AM
    Hi Folks
    I am getting logs from Kaspersky Security Center (KSC) using syslog. The logs have client machines' domain names, like below:
    <14>1 2020-11-16T11:13:22.000Z desktopname.xxx.xxx KES|11.0.0.0
    So QRadar is creating too many log sources, even though I closed the Auto Detection parameter using DSM Editor and Admin --> System Settings --> Edit Host.

    So could you please help me handle this log creation problem?
    PS: Has anybody faced this issue before?

    Thanks

    ------------------------------
    Hasan Erhan AYDINOĞLU
    ------------------------------


  • 2.  RE: Kaspersky Security Center SYSLOG creates many log sources

    Posted Mon December 30, 2024 11:21 AM

    Could you help explain how you connected IBM QRadar to Kaspersky Security Center? I specified event export settings in KSC but am not sure what I should configure in IBM QRadar. Could you please help me?



    ------------------------------
    Ahnaf Tahmeed
    ------------------------------