IBM QRadar


Collect Logs from Azure Log Analytics Workspace

  • 1.  Collect Logs from Azure Log Analytics Workspace

    Posted Wed October 19, 2022 07:01 PM
    Hello 

    I am brand new to QRadar. I have been tasked with pulling logs from Azure Log Analytics Workspace to QRadar. The group using the Analytics Workspace is not using the Azure Event Hub. They are requesting we pull the logs as syslog into QRadar. I have created a log source with the Log Source Type Microsoft Azure Platform and the Protocol Type of Syslog. However, no events are pulling in. I have tried to update the source to be a Log Source Type of Universal DSM and Protocol Type of Syslog, and still no events are pulling in.

    Has anyone completed this type of configuration? If so, would you be able to shed some light on how to complete this setup? I have not had to set up a log source yet, so the more detail, the better.

    Thank you!

    Jeannie

    ------------------------------
    Jeannie Burrell
    ------------------------------


  • 2.  RE: Collect Logs from Azure Log Analytics Workspace

    Posted Mon October 24, 2022 11:33 AM
    Edited by Stephanie Wilkerson Mon October 24, 2022 11:36 AM

    Hi Jeannie, I am moving your question over to the QRadar community, where you might find a SME to answer more quickly (https://community.ibm.com/community/user/security/communities/community-home?CommunityKey=f9ea5420-0984-4345-ba7a-d93b4e2d4864).

    Thank you for posting your question on IBM Communities!



    ------------------------------
    Stephanie Wilkerson
    IBM
    ------------------------------