IBM QRadar

  • 1.  QRadar read logs from a file

    Posted Wed April 07, 2021 12:18 AM
    Hi Everyone,

    Hope you all are doing well. I have a question: has anyone tried to grab and read logs from a file in QRadar?

    Thank you.

    ------------------------------
    Davin
    ------------------------------


  • 2.  RE: QRadar read logs from a file

    Posted Thu April 08, 2021 01:56 AM
    Hello Davin,

    there are many Log Sources reading from files.
    Microsoft DNS Debug, for example, or Exchange log files. Or Microsoft Windows Security Event Log from a NetApp ...
    So which log file do you mean?

    Regards,
    Harald

    ------------------------------
    Harald Dunkel
    IT-Security Engineer
    Baden-Württembergische Versorgungsanstalt für Ärzte, Zahnärzte und Tierärzte
    ------------------------------



  • 3.  RE: QRadar read logs from a file

    Posted Thu April 08, 2021 02:18 AM
    Hello Davin,
    I tried and I was successful. Of course, it depends on the environment, on the file content, its format and so on.
    What are you trying to accomplish?

    Best regards,
    Mario

    ------------------------------
    Mario Sebastiani
    ------------------------------



  • 4.  RE: QRadar read logs from a file

    Posted Thu April 08, 2021 07:49 AM
    Yes, you can use the "file" protocol to pull files from SMB/CIFS, FTP, SCP etc. Just choose the DSM for the file type (or use Universal), then the protocol you want to use.

    ------------------------------
    Frank Eargle
    ------------------------------



  • 5.  RE: QRadar read logs from a file

    Posted Thu April 08, 2021 10:30 AM
    Davin

    Yes, I use it currently and have used it in the past;
    why do you ask?

    Mark

    ------------------------------
    Mark Malki
    ------------------------------