Log Source Configuration

This section provides the log source configuration details for Windows and Linux machines.

Log Source Creation for Windows

To create a log source on a Windows machine:

  1. In the Admin tab, click WinCollect to see the WinCollect agent that was created.

  2. Click Add a log source and provide the following information:

    • Log Source Name – Example: Centrify Windows

    • Log Source Description – Example: Centrify Events from 10.0.3.162

    • Log Source Type – Select Centrify Infrastructure Services

    • Protocol Configuration – WinCollect

    • Log Source Identifier – IP address of the machine that is sending events to QRadar. Example: 10.0.3.162

    • Domain – centrify.vms

    • User Name – User name for the Domain value (such as centrify.vms)

    • Password – Password for the Domain value (such as centrify.vms)

    • Standard Log Types – Click Application

    • WinCollect Agent – Select the WinCollect @ MEMBER agent that you created in WinCollect

    • Coalescing Events – Deselect (uncheck) it

    • Log Source Extension – Centrify

  3. Click Save.

  4. At the prompt, deploy the changes.

Log Source Creation for Linux

To create a log source on a Linux machine:

  1. Click Add a log source.

  2. Provide the following information:

    • Log Source Name – Example: Centrify Linux

    • Log Source Description – Example: Centrify Linux

    • Log Source Type – Select Centrify Infrastructure Services

    • Protocol Configuration – Syslog

    • Log Source Identifier – IP address of the machine that is sending events to QRadar. Example: 10.0.3.162

    • Coalescing Events – Check it

    • Log Source Extension – Select Centrify


  3. Click Save.

  4. At the prompt, deploy the changes.