IBM QRadar


IBM Disconnected Log Collector (DLC)  v2.0.0: A Leap Forward in Security, Compatibility, and Performance

By Neha Singh posted 5 days ago

  

Introduction

We’re excited to announce the release of IBM Disconnected Log Collector (DLC) version 2.0.0, a major upgrade from version 1.8.7. This release ensures your environments remain secure, compliant, and future-ready, aligning with IBM QRadar SIEM’s continued focus on platform modernization and performance excellence.


Why This Release Matters

IBM DLC v2.0.0 is one of the most significant upgrades to date. The improvements include:

  1. Platform modernization with Java 11
  2. Added support for new connectors
  3. Enhanced security coverage
  4. Upgrade to AWS SDK version 2
  5. Upgraded Azure SDK
  6. Multiple connectors updated to align with enhancements

Whether you operate in a hybrid, on-premises, or air-gapped setup, DLC 2.0.0 delivers better stability, improved compatibility with the latest connectors, and reduced maintenance overhead - empowering you to collect logs more efficiently and securely than ever before.

If you’re just getting started with DLC, here’s a quick overview to provide some context.


What is IBM Disconnected Log Collector (DLC)?

The IBM DLC is a free software component that enables log collection in isolated or restricted environments. It accepts events from a predefined set of log sources and securely forwards them to an IBM QRadar SIEM deployment.

Although DLC is compatible with IBM QRadar SIEM 7.3.1 or later, it is always recommended to use the latest releases to benefit from enhanced security, improved performance, and the most up-to-date feature support.

The DLC supports communication using either:

  • UDP (User Datagram Protocol) - lightweight and connectionless, ideal for low-latency log delivery
  • TLS over TCP (Transport Layer Security) - providing encrypted and reliable event forwarding

When using TLS over TCP, DLC can buffer incoming events during network disconnections and automatically send them once connectivity to IBM QRadar SIEM is restored. The buffer capacity is configurable and depends on available memory and disk space.

DLC is particularly valuable for:

  1. Air-gapped or highly secured networks where direct IBM QRadar SIEM communication is not feasible
  2. Multi-tenant or managed security service provider (MSSP) environments requiring isolated event forwarding
  3. Disaster recovery or temporary network outage scenarios that need reliable event retention and forwarding

While DLC offers powerful flexibility, the TLS certificate configuration provides strong data protection and efficiently supports advanced deployment architectures. For more information, I recommend exploring the IBM Disconnected Log Collector Documentation.


Key updates and enhancements

Below is a detailed breakdown of the updates made in this version of DLC:

1. Java 11 Support

Powered by IBM Semeru Certified Edition Java 11, DLC 2.0.0 delivers improved performance, optimized memory management, and enhanced security compliance.

To support this modernization, the following connectors and their respective protocols were updated. It is recommended to use their respective updated protocol versions in IBM QRadar SIEM for optimal performance and compatibility.

| # | DLC Connector | QRadar SIEM Protocol |
|---|---------------|----------------------|
| 1 | CONNECTOR-Common | PROTOCOL-Common |
| 2 | CONNECTOR-TLSSyslog | PROTOCOL-TLSSyslog |
| 3 | CONNECTOR-BoxRESTAPI | PROTOCOL-BoxRESTAPI |
| 4 | CONNECTOR-HTTPReceiver | PROTOCOL-HTTPReceiver |
| 5 | CONNECTOR-AmazonAWSRESTAPI | PROTOCOL-AmazonAWSRESTAPI |
| 6 | CONNECTOR-CertificatUtilsCommon | PROTOCOL-CertificatUtilsCommon |
| 7 | CONNECTOR-UniversalCloudRESTAPI | PROTOCOL-UniversalCloudRESTAPI |

2. Expanded Connector Coverage

With DLC 2.0.0, we have introduced seven new connectors, expanding the total coverage to more than 40 connectors. This broadens IBM QRadar SIEM integration capabilities, enabling support for a wider range of log sources and diverse deployment environments.

This expansion enhances DLC’s flexibility in hybrid, on-premises, and cloud environments.

| # | DLC Connector | QRadar SIEM Protocol |
|---|---------------|----------------------|
| 1 | CONNECTOR-TCPSyslog | PROTOCOL-TCPSyslog |
| 2 | CONNECTOR-CiscoDuo | PROTOCOL-CiscoDuo |
| 3 | CONNECTOR-EMCVMWareProtocol | PROTOCOL-EMCVMWareProtocol |
| 4 | CONNECTOR-GoogleCloudPubSub | PROTOCOL-GoogleCloudPubSub |
| 5 | CONNECTOR-IBMSecurityRandoriRESTAPI | PROTOCOL-IBMSecurityRandoriRESTAPI |
| 6 | CONNECTOR-IBMSecurityReaQtaRESTAPI | PROTOCOL-IBMSecurityReaQtaRESTAPI |

3. Strengthened Security

We have implemented several security updates across multiple connectors. These include targeted code improvements and enhancements that strengthen DLC’s overall security posture, reduce risk exposure, and align with IBM’s secure API communication standards. This ensures a more secure foundation for customers managing sensitive data in disconnected or controlled network environments.

4. AWS SDK v2 Upgrade

The DLC connectors that integrate with AWS have been upgraded to use AWS SDK v2, replacing the previous v1 version. Amazon has announced that AWS SDK v1 will reach end-of-life by the end of 2025, and IBM QRadar SIEM remains aligned with industry standards as reflected in this announcement. By upgrading the SDK in DLC connectors, IBM ensures that AWS integrations remain secure, stable, and fully compatible. This also enables customers to take advantage of the latest AWS services and innovations, maintaining an up-to-date, future-ready environment.

Key benefits of this upgrade include:

  • Enhanced performance and dependency management
  • Improved security and long-term support
  • Optimized SQS polling, reducing unnecessary requests and lowering costs

This enhancement to the connectors below and their respective protocols ensures DLC continues to support the latest AWS services and regions without disruption.

| # | DLC Connector | QRadar SIEM Protocol |
|---|---------------|----------------------|
| 1 | CONNECTOR-AmazonAWSRESTAPI | PROTOCOL-AmazonAWSRESTAPI |
| 2 | CONNECTOR-AmazonWebServices | PROTOCOL-AmazonWebServices |

5. Azure SDK Updates

The Azure-related connectors have been updated to include the latest Azure SDK dependencies. This enhancement was prioritized to strengthen customer environments, improve overall SDK stability, and maintain secure, compliant integrations.

| # | DLC Connector | QRadar SIEM Protocol |
|---|---------------|----------------------|
| 1 | CONNECTOR-Office365RESTAPI | PROTOCOL-Office365RESTAPI |
| 2 | CONNECTOR-MicrosoftAzureEventHubs | PROTOCOL-MicrosoftAzureEventHubs |
| 3 | CONNECTOR-MicrosoftGraphSecurityAPI | PROTOCOL-MicrosoftGraphSecurityAPI |

6. Multiple Connectors updated to align with enhancements

The SMBTail connector and its dependent connectors have been updated to align with the latest enhancements and improved regulatory compliance.

| # | DLC Connector | QRadar SIEM Protocol |
|---|---------------|----------------------|
| 1 | CONNECTOR-SmbTailProtocol | PROTOCOL-SmbTailProtocol |
| 2 | CONNECTOR-WindowsDHCPProtocol | PROTOCOL-WindowsDHCPProtocol |
| 3 | CONNECTOR-WindowsExchangeProtocol | PROTOCOL-WindowsExchangeProtocol |
| 4 | CONNECTOR-WindowsEventRPC | PROTOCOL-WindowsEventRPC |
| 5 | CONNECTOR-WindowsIISProtocol | PROTOCOL-WindowsIISProtocol |
| 6 | CONNECTOR-OracleDatabaseListener | PROTOCOL-OracleDatabaseListener |


These are just a few highlights of this release. The package includes many more enhancements that make upgrading truly worthwhile. We recommend that our customers upgrade to IBM DLC 2.0.0 to take full advantage of these improvements.

If you need any additional support, please raise your query in the IBM Support Portal.

If you have suggestions or ideas, kindly submit them through the IBM Ideas Portal.

You can stay informed by subscribing to the IBM Security YouTube channel.

Feel free to like this blog, follow us for more updates, and share your comments. Your feedback helps us decide what topics to cover next for IBM QRadar SIEM Integrations.

Author: Neha Singh
Reviewer: Boudhayan Chakrabarty, Mehul Chauhan

Additional Resources:

IBM DLC Documentation: IBM Documentation: Disconnected Log Collector

IBM QRadar SIEM Documentation: IBM QRadar Official Documentation

IBM Semeru Certified Edition Java: IBM Semeru Runtimes

