Sending Encrypted Events to JSA
Configure a log source in stand-alone deployments of WinCollect to send encrypted events to JSA with TLS syslog. TLS Syslog is only supported in managed WinCollect deployments in JSA 7.3.1 and later.
In JSA, configure a Universal DSM that uses the TLS Syslog protocol. For more information, see the Configuring DSMs Guide.
The uDSM opens a port and provides the certificate that is necessary for communicating by using TLS. If you delete the uDSM, TLS communication stops.
- Use SSH to log in to JSA as the root user.
- Copy the certificate, including
/opt/qradar/conf/trusted_certificates/syslog-tls.certto a temporary location. You will paste this certificate into the WinCollect Configuration Console.
- In the WinCollect Configuration Console, expand Destinations, and click Add Destination.
- In the New Destination Name box, add a name for the destination and then click OK.
- Select the new destination and enter the IP address of the target JSA appliance in the Hostname field.
- Type 6514 in the Port field.
- Type the events per second (EPS) rate for your deployment in the Throttle field.
- Paste the certificate that you copied from JSA into the Certificate field.
- Click Deploy Changes under Actions.