Event collection

Log Collection

PUSH METHOD [Log sources generate the logs and send them to QRadar] - For example, Syslog

PULL METHOD [Log sources generate the logs but don't send them to QRadar; the logs are stored locally. QRadar needs to connect to the server and collect the information] - For example, collecting logs from Windows servers
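
The two collection directions side by side, as an added example that is not part of the original page or of QRadar: in the push half the source sends a syslog line to a listening collector, and in the pull half the collector reads a log that stays on the source and keeps a bookmark between polls. The loopback UDP socket, the temporary file standing in for a server's local log, and all names and sample events are assumptions constructed for illustration.

```python
import os
import socket
import tempfile

# Constructed sample event in BSD-syslog style (PRI 38 = facility auth, severity info).
SAMPLE_SYSLOG = ["<38>Jan  1 00:00:00 host1 sshd: Accepted password for alice"]

def push_demo(lines):
    """PUSH: the source initiates; the collector only listens and receives."""
    collector = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    collector.bind(("127.0.0.1", 0))  # ephemeral port stands in for the syslog port
    collector.settimeout(2.0)
    source = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    received = []
    try:
        for line in lines:
            source.sendto(line.encode(), collector.getsockname())
            received.append(collector.recvfrom(4096)[0].decode())
    finally:
        source.close()
        collector.close()
    return received

class PullCollector:
    """PULL: events stay on the source; the collector connects and reads them."""
    def __init__(self, path):
        self.path = path
        self.offset = 0  # bookmark so each poll resumes where the last one stopped

    def poll(self):
        with open(self.path, "rb") as f:
            f.seek(self.offset)
            chunk = f.read()
        end = chunk.rfind(b"\n") + 1  # consume complete lines only
        self.offset += end
        return chunk[:end].decode().splitlines()

def pull_demo():
    fd, path = tempfile.mkstemp(suffix=".log")  # stands in for the server's local log
    os.close(fd)
    try:
        collector = PullCollector(path)
        with open(path, "a") as f:
            f.write("logon user=alice\nlogon user=bob\n")  # constructed events
        first = collector.poll()
        with open(path, "a") as f:
            f.write("logoff user=alice\n")
        return first, collector.poll(), collector.poll()
    finally:
        os.remove(path)
```

The bookmark is what keeps a pull collector from re-reading or skipping events between polls; a push collector has no such state and simply receives whatever the source sends.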

