IBM Security QRadar

We have a support technical note to outline how to connect WinCollect events to a DLC with the TLS Syslog protocol here: https://www.ibm.com/support/pages/node/6551380

Note: WinCollect and DLC is not a tested configuration, which is why the article is written the way it is. However, the procedure would be similar similar, so you could use this as an overview.

DLC supports TLS Syslog, but we do not describe the Syslog-ng side of the configuration. We do have a more detailed walkthrough on how to setup TLS Syslog with DLC and certificates that you might find helpful here too: https://www.ibm.com/support/pages/node/6461943.

We have a support technical note to outline how to connect WinCollect events to a DLC with the TLS Syslog protocol here: https://www.ibm.com/support/pages/node/6551380

Note: WinCollect and DLC is not a tested configuration, which is why the article is written the way it is. However, the procedure would be similar similar, so you could use this as an overview.

DLC supports TLS Syslog, but we do not describe the Syslog-ng side of the configuration. We do have a more detailed walkthrough on how to setup TLS Syslog with DLC and certificates that you might find helpful here too: https://www.ibm.com/support/pages/node/6461943.

Disconnected Log Collector appliances are essentially Event Collector appliances in an RPM. They are intended only to forward data to QRadar appliances and connect to the ecs-ep service that would be running on a Console or Event Processor appliance. The final destination must be QRadar and you cannot send events to a standard Syslog listener, such as Syslog-ng as the DLC is receiving and expects to hand off events to a QRadar service, which would not exist on the Syslog-ng appliance.

The receiver must be a QRadar Console or Event Processor as described in this image from the documentation:

We have a support technical note to outline how to connect WinCollect events to a DLC with the TLS Syslog protocol here: https://www.ibm.com/support/pages/node/6551380

Note: WinCollect and DLC is not a tested configuration, which is why the article is written the way it is. However, the procedure would be similar similar, so you could use this as an overview.

DLC supports TLS Syslog, but we do not describe the Syslog-ng side of the configuration. We do have a more detailed walkthrough on how to setup TLS Syslog with DLC and certificates that you might find helpful here too: https://www.ibm.com/support/pages/node/6461943.