Enabling IBM QRadar and HP ArcSight syslog redirection - BlueCat Integrity - 26.1.0

BAM provides support for IBM® QRadar® and HP® ArcSight® SIEM integration through BDDS syslog to provide more analysis of DNS and DHCP data within an organization.

1. Select the Servers tab in the sidebar, then select Servers.
2. Select the name of a server.
3. Select the Services tab.
4. Under Monitoring and analytics, locate the Syslog service panel and select Edit service.
5. Select the ISO 8601 timestamps enabled checkbox to use the ISO 8601 timestamp format for locally logged messages. The format is as follows: YYYY-MM-DDTHH:mm:ss+-ZONE. For example, 2022-10-13T15:58:00+01:00. If you leave this checkbox unchecked, locally logged messages use the legacy BSD timestamp.
6. On the Syslog redirection servers tab, set the following parameters:
   • Server type—select ArcSight or QRadar as the server type.
   • Address—enter the IPv4/IPv6 address of the ArcSight or QRadar server.
7. Select Save.