/
Sending logs to QRadar

Sending logs to QRadar

Owned by rthornton
Last updated: Jan 29, 2025
2 min read

Snare agents can be configured to forward log data to QRadar, the following guide details the steps required with Snare to correctly configure delivery:

  1. Login to the Snare agent.

  2. From your Snare Enterprise Agent, navigate to the Destination Configuration page.

  3. Under Network Destinations set:
    To send logs to QRadar via Snare Central:

  • Domain/IP to your Snare Central destination

  • Port to 6161

  • Protocol to UDP or TCP (recommended)

  • Format to QRadar

    To send logs directly to QRadar:

  • Domain/IP to your QRadar destination

  • Port to 514

  • Protocol to UDP or TCP (recommended)

  • Format to SYSLOG (RFC3164) or other.  LEEF may be use though the Port will require updating.

  1. Under Hostname Options tick the Host IP As Source checkbox and select the network adapter you would like to use as the IP override.

  2. Select Update Destinations to save your page settings.

  3. Click Apply Configuration & Restart Service menu item to update the registry.

Related content

How to configure Snare Agents for QRadar
How to configure Snare Agents for QRadar
Snare Solutions
More like this
Destinations
Destinations
Snare Reflector Documentation
More like this
Third Party & Batch Data Sources
Third Party & Batch Data Sources
Snare Central v7 Documentation
More like this
Third Party & Batch Data Sources
Third Party & Batch Data Sources
Snare Central v8 Documentation
More like this
Third Party & Batch Data Sources v8.0.0
Third Party & Batch Data Sources v8.0.0
Snare Central v8 Documentation
More like this
Sending logs to Securonix
Sending logs to Securonix
Snare Windows Agent v5 Documentation
More like this