Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Sending Encrypted Events to JSA

In JSA, configure a Universal DSM that uses the TLS Syslog protocol. For more information, see the Configuring DSMs Guide.

The uDSM opens a port and provides the certificate that is necessary for communicating by using TLS. If you delete the uDSM, TLS communication stops.

Configure a log source in stand-alone deployments of WinCollect to send encrypted events to JSA with TLS syslog. TLS Syslog is only supported in managed WinCollect deployments in JSA 7.3.1 and later.

  1. Use SSH to log in to JSA as the root user.
  2. Copy the certificate, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- from /opt/qradar/conf/trusted_certificates/syslog-tls.cert to a temporary location. You will paste this certificate into the WinCollect Configuration Console.
  3. In the WinCollect Configuration Console, expand Destinations, and click Add Destination.
  4. In the New Destination Name box, add a name for the destination and then click OK.
  5. Select the new destination and enter the IP address of the target JSA appliance in the Hostname field.
  6. Type 6514 in the Port field.
  7. Type the events per second (EPS) rate for your deployment in the Throttle field.
  8. Paste the certificate that you copied from JSA into the Certificate field.
  9. Click Deploy Changes under Actions.

Related Documentation