Flowmon ADS configuration

After the installation, follow these steps to configure Flowmon ADS:

1. Open your Flowmon ADS module and set up Syslog reporting. Find this option in the Processing menu under Event reporting and then Syslog.

2. Then, go to your Flowmon Configuration Center module to System > System Settings > Syslog Event Logging.
3. Enable Use syslog event logging.
4. Click New server.

5. Enter the IP address of your QRadar appliance and its port, and select TCP as the protocol.
6. Click OK.
7. Click Configure syslog message.

8. Select the logs you want to send to QRadar. ADS logs are in the SSH Logs group and are the only logs related to the Flowmon ADS Content Pack.

9. Click Save.

10. After configuring the Syslog messages, click Hostname and take note of the current hostname of your Flowmon because this hostname is used for identification of syslog messages and must be set in QRadar.
11. Go to QRadar.
12. Select the Admin tab.

13. Click Log Sources.

14. Click Log Sources.

15. Click New Log Source in the top-right corner.

16. Click Single Log Source.

17. From the list of available log source types, select Flowmon ADS and click Select Protocol Type at the bottom-right.

18. Select Syslog from the list of available protocols and click Configure Log Source Parameters at the bottom-right.

19. Fill in the protocol source parameters and click Configure Protocol Parameters.

20. Fill in the Log Source Identifier (the value must be the same as the value set in the Hostname setup in the Flowmon Configuration Center) and click Finish.

After saving these settings, deploy the new changes and start collecting parsed logs in your QRadar.