IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

QRadar read logs from a file

1. QRadar read logs from a file

Like
Davin Ardian
Posted Wed April 07, 2021 12:18 AM

Reply
Hi Everyone,

Hope you all are doing well. I have a question, does anyone tried in the QRadar to grab and read logs from a file?

Thank you.

------------------------------
Davin
------------------------------
2. RE: QRadar read logs from a file

Like
Harald Dunkel
Posted Thu April 08, 2021 01:56 AM

Reply
Hello Davin,

there are many Log Sources reading from files.
Microsoft DNS Debug for example or Exchange log files. Or Microsoft Windows Security Event Log from a NatApp ...
So which log file do you mean?

Regards,
Harald

------------------------------
Harald Dunkel
IT-Security Engineer
Baden-Württembergische Versorgungsanstalt für Ärzte, Zahnärzte und Tierärzte
------------------------------

Original Message
3. RE: QRadar read logs from a file

Like
Mario Sebastiani
Posted Thu April 08, 2021 02:18 AM

Reply
Hello Davin,
I tried and I was successful. Of course it depends on the environment, on the file content, its format and so on.
What are you trying to accomplish ?

Best regards,
Mario

------------------------------
Mario Sebastiani
------------------------------

Original Message
4. RE: QRadar read logs from a file

Like
Frank Eargle

IBM Champion
Posted Thu April 08, 2021 07:49 AM

Reply
Yes, you can use the "file" protocol to pull files from SMB/CIFS, FTP, SCP etc. Just choose the DSM for the file type or use universal then the protocol you want to use.

------------------------------
Frank Eargle
------------------------------

Original Message
5. RE: QRadar read logs from a file

Like
Mark Malki
Posted Thu April 08, 2021 10:30 AM

Reply
Davin

Yes I use it currently and has used it in the past,
why do you ask?

Mark

------------------------------
Mark Malki
------------------------------

Original Message

IBM QRadar

QRadar read logs from a file

Davin ArdianWed April 07, 2021 12:18 AM

Harald DunkelThu April 08, 2021 01:56 AM

Mario SebastianiThu April 08, 2021 02:18 AM

Frank EargleThu April 08, 2021 07:49 AM

Mark MalkiThu April 08, 2021 10:30 AM

1. QRadar read logs from a file

2. RE: QRadar read logs from a file

3. RE: QRadar read logs from a file

4. RE: QRadar read logs from a file

5. RE: QRadar read logs from a file

Additional
Resources

Office

Quick Links

IBM QRadar

QRadar read logs from a file

Davin ArdianWed April 07, 2021 12:18 AM

Harald DunkelThu April 08, 2021 01:56 AM

Mario SebastianiThu April 08, 2021 02:18 AM

Frank EargleThu April 08, 2021 07:49 AM

Mark MalkiThu April 08, 2021 10:30 AM

1. QRadar read logs from a file

2. RE: QRadar read logs from a file

3. RE: QRadar read logs from a file

4. RE: QRadar read logs from a file

5. RE: QRadar read logs from a file

Additional Resources

Office

Quick Links

Additional
Resources