Igor,
The easiest way to produce your own log data is based on CSV exports from Log Activity.
Just import your exported CSV data into XLS and copy/paste your payload column into an extra ASCII file which you transfer back to your QRadar.
Use this syntax for logrun.pl:
/opt/qradar/bin/logrun.pl -d <ip-of-qradar> -u <ip-of-logsource> -f events/samplelog.txt 35
BR
Karl
------------------------------
Karl Jaeger, Business Partner
QRadar Specialist
pro4bizz
Karlsruhe, Germany
4972190981722
------------------------------
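Added example, not part of the message above and not QRadar code: a Python script for the CSV-to-sample-file step, as an alternative to the spreadsheet copy/paste. The column name "Payload", the file names and the sample rows are assumptions (constructed data); check the header row of your own export.

```python
import csv
import io

# Constructed sample of a Log Activity CSV export (column names are assumed).
SAMPLE_CSV = (
    'Event Name,Source IP,Payload\n'
    'Login failed,192.0.2.10,"<38>Mar  3 10:15:01 host1 sshd[411]: '
    'Failed password for root from 192.0.2.10 port 5022 ssh2"\n'
    'Multi-line,192.0.2.11,"<13>Mar  3 10:15:02 host1 app: line one\nline two"\n'
    'Empty,192.0.2.12,""\n'
)


def extract_payloads(csv_text, column="payload"):
    """Return one event line per CSV row, taken from the payload column."""
    reader = csv.DictReader(io.StringIO(csv_text, newline=""))
    names = reader.fieldnames or []
    # Match the header case-insensitively and tolerate a UTF-8 BOM.
    match = next(
        (n for n in names if n.lstrip("\ufeff").strip().lower() == column.lower()),
        None,
    )
    if match is None:
        raise ValueError(f"no {column!r} column in header: {names}")
    events = []
    for row in reader:
        raw = row.get(match) or ""
        # The replay file holds one event per line, so fold embedded line
        # breaks into spaces. Other whitespace is left alone because syslog
        # timestamps such as "Mar  3" rely on the double space.
        line = raw.replace("\r\n", " ").replace("\n", " ").replace("\r", " ").strip()
        if line:
            # The target is a plain ASCII file; replace anything outside it.
            events.append(line.encode("ascii", "replace").decode("ascii"))
    return events


def write_sample(events, path):
    """Write events to path with LF line endings; return the event count."""
    with open(path, "w", encoding="ascii", newline="\n") as fh:
        for event in events:
            fh.write(event + "\n")
    return len(events)


if __name__ == "__main__":
    count = write_sample(extract_payloads(SAMPLE_CSV), "samplelog.txt")
    print(f"wrote {count} events to samplelog.txt")
```

The resulting file is what gets passed to logrun.pl with -f in the command above.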
Original Message:
Sent: Tue March 23, 2021 08:07 AM
From: Darren H.
Subject: logrun.pl utility and events/traffic samples
Hello @Igor Volkov
If you run the script from the command line, it tells you the options the tool supports. You need to get a sample syslog file of traffic.
There may be some on the host already, or you can find syslog samples online.
Good luck!
------------------------------
Darren H.
Original Message:
Sent: Tue March 23, 2021 06:54 AM
From: Igor Volkov
Subject: logrun.pl utility and events/traffic samples
Hello.
There is a script, logrun.pl, used to generate events for QRadar, but it requires events/traffic samples. Where can we get these samples?
------------------------------
Igor Volkov
------------------------------