Thank you for the quick response Colin! It would be extremely useful in our environment. Is there an RFE that we can vote on for that?
For WinCollect agents to send event data to a disconnected log collector, what protocol configuration needs to be added in the logsources.json file? Or will the disconnected log collector allow the event data from WinCollect agents by default, since during installation of WinCollect we give the destination (disconnected log collector IP and port 514), which is configured in the QRadar console?
If you're sending plaintext syslog over either UDP or TCP, you don't need to configure anything on the DLC side; it will automatically listen for plaintext syslog. However, if you want to send TLS syslog, you'd need to configure a TLS listener for the DLC, either by editing the json file directly, or by configuring it in QRadar, exporting the config, and importing it on the DLC. Cheers