Carbon Black Bit9 Parity

 

To collect events, you must configure your Carbon Black Bit9 Parity device to forward syslog events in Log Event Extended Format (LEEF).

  1. Log in to the Carbon Black Bit9 Parity console with Administrator or PowerUser privileges.
  2. From the navigation menu on the left side of the console, select Administration > System Configuration.

    The System Configuration window is displayed.

  3. Click Server Status.

    The Server Status window is displayed.

  4. Click Edit.
  5. In the Syslog address field, type the IP address of your JSA console or Event Collector.
  6. From the Syslog format list, select LEEF (Q1Labs).
  7. Select the Syslog enabled check box.
  8. Click Update.

    The configuration is complete. The log source is added to JSA as Carbon Black Bit9 Parity events are automatically discovered. Events that are forwarded to JSA by Carbon Black Bit9 Parity are displayed on the Log Activity tab of JSA.
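To confirm that the device is sending LEEF rather than another syslog format after step 8, you can inspect the raw syslog payloads received on the collector. The following is an added example, not part of the original documentation or of either product: it parses the standard LEEF 1.0 header and tab-separated attributes. The sample lines, the vendor and product strings, and the function names are constructed placeholders.

```python
import re

# LEEF 1.0 layout: LEEF:1.0|Vendor|Product|Version|EventID|key=value<TAB>key=value...
LEEF_RE = re.compile(
    r"LEEF:(?P<leef_version>1\.0)\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)"
    r"\|(?P<version>[^|]*)\|(?P<event_id>[^|]*)\|(?P<attrs>.*)$"
)

def parse_leef(line):
    """Return header fields and attributes of a LEEF 1.0 syslog line, or None if not LEEF."""
    # search() rather than match(), so a leading syslog priority/timestamp/host is skipped
    m = LEEF_RE.search(line)
    if m is None:
        return None
    event = m.groupdict()
    attrs = {}
    for pair in event.pop("attrs").split("\t"):
        key, sep, value = pair.partition("=")
        if sep and key:
            attrs[key.strip()] = value.strip()
    event["attrs"] = attrs
    return event

def check_lines(lines):
    """Count LEEF and non-LEEF lines; a non-zero 'other' count suggests
    that a different Syslog format is selected on the sending device."""
    counts = {"leef": 0, "other": 0}
    for line in lines:
        counts["leef" if parse_leef(line) else "other"] += 1
    return counts

# Constructed sample lines (placeholders, not captured from a real device).
SAMPLE = [
    "<14>Jan 10 12:00:01 parity01 LEEF:1.0|ExampleVendor|ExampleProduct|1.0|1001|"
    "src=192.0.2.10\tusrName=alice\tsev=4",
    "<14>Jan 10 12:00:02 parity01 plain syslog message without a LEEF header",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_leef(line))
    print(check_lines(SAMPLE))
```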

Syslog Log Source Parameters for Carbon Black Bit9 Parity

If JSA does not automatically detect the log source, add a Carbon Black Bit9 Parity log source on the JSA Console by using the syslog protocol.

When you use the syslog protocol, you must set specific parameters.

The following table describes the parameters that require specific values to collect syslog events from Carbon Black Bit9 Parity:

Table 1: Syslog Log Source Parameters for the Carbon Black Bit9 Parity DSM

| Parameter | Value |
|---|---|
| Log Source type | Carbon Black Bit9 Parity |
| Protocol Configuration | Syslog |
| Log Source Identifier | The IP address or host name for the Carbon Black Bit9 Parity device. |