IBM Security QRadar


Please tell the Best method to capture log file in Windows for Qradar.

  • 1.  Please tell the Best method to capture log file in Windows for Qradar.

    Posted Sun July 19, 2020 05:40 AM

    Please tell us the best method to capture a log file in Windows for QRadar.

    I prefer to use an agent, if possible, to forward the logs to QRadar as and when the file is updated.



    ------------------------------
    StarLink Support
    ------------------------------


  • 2.  RE: Please tell the Best method to capture log file in Windows for Qradar.

    Posted Mon July 20, 2020 03:57 AM
    Hi,

    You have several options:

    - Because this is a QRadar discussion, I suppose you already have WinCollect on that machine, so you can add a Universal DSM with the WinCollect File Forwarder protocol. I think this is the easiest way.
    - If you are already using some kind of syslog solution with a syslog agent for Windows (syslog-ng for Windows, NXLog, etc.), you can use that as well to forward the contents of that file.

    Please note that if the logs in that file are multiline, it will add some complexity to your project, but the products mentioned can handle that as well. Syslog-ng / syslog-ng for Windows is not as good on this platform as NXLog, and I'm sure you can find some free/shareware solution if needed, but most of the time those are very poorly designed and lack functionality (based on some very old code).

    L:

    ------------------------------
    Laszlo Pal
    ------------------------------
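As an added illustration of the second option above (not part of either post), here is an NXLog Community Edition 2.x configuration that tails a Windows application log file, joins multiline entries, and forwards them as RFC 5424 syslog over TCP to a QRadar collector. The file path, the source name `myapp`, the header regex and the collector address 192.0.2.10 are placeholders to replace with your own values; the matching QRadar side is a Universal DSM log source using the Syslog protocol.

```apache
# Added example config (not from the thread). Assumes NXLog CE 2.x on Windows.

<Extension _syslog>
    Module      xm_syslog
</Extension>

# Multiline handling: every entry in this (assumed) log format starts with
# a YYYY-MM-DD date; continuation lines (stack traces etc.) do not.
<Extension app_multiline>
    Module      xm_multiline
    HeaderLine  /^\d{4}-\d{2}-\d{2} /
</Extension>

<Input app_file>
    Module      im_file
    File        "C:\\ProgramData\\MyApp\\app.log"   # placeholder path
    InputType   app_multiline
    SavePos     TRUE      # remember the read offset across restarts
    ReadFromLast TRUE     # do not replay the whole file on first start
    # APP-NAME seen by QRadar; pick a stable value and use it when you
    # create the Universal DSM log source identifier / parsing rules.
    Exec        $SourceName = "myapp"; \
                $SyslogFacilityValue = 1; \
                $SyslogSeverityValue = 6;
</Input>

<Output qradar>
    Module      om_tcp
    Host        192.0.2.10   # placeholder: QRadar Event Collector
    Port        514
    Exec        to_syslog_ietf();
</Output>

<Route app_to_qradar>
    Path        app_file => qradar
</Route>
```

TCP is used rather than UDP so that the multiline events, which can exceed a typical UDP datagram, are not truncated in transit; verify in the QRadar Log Activity tab that each stack trace arrives as one event before building parsing rules.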