It looks like you could use /opt/qradar/bin/logrun.pl:
logrun.pl [-d <host>] [-p <port>] [-f filename] [-u <IP>] [-l] [-t] [-b] [-n NAME] [-v] <messages per second>
Options:
-d : destination syslog host (default 127.0.0.1)
-p : destination port (default 514)
-f : filename to read (default readme.syslog)
-b : burst the same message for 20% of the delay time
-t : use TCP instead of UDP for sending syslogs
-v : verbose, display lines read in from file
-n : use NAME for object name in syslog header
-l : loop indefinately
-u : use this IP as spoofed sender (default is NOT to send IP header)
------------------------------
Dusan VIDOVIC
------------------------------
Original Message:
Sent: Fri June 21, 2019 10:19 AM
From: Johan López
Subject: Load logs to Qradar
Hi
I'm trying to load some logs from a txt archive to QRadar. Does someone know how I can do that?
I want to try to parse some logs from an unsupported platform with the DSM editor in my test environment.
Thanks for the help
------------------------------
Johan López
------------------------------
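When the text file sits on a machine that does not have logrun.pl, the same file-to-syslog replay described in the reply can be sketched in Python. This is an added example, not part of the original thread and not logrun.pl's own code; the RFC 3164-style header, the function names and the `testdevice` default are assumptions.

```python
import socket
import time
from datetime import datetime

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")

def syslog_frame(line, name, when=None, facility=1, severity=6):
    """Wrap one raw log line in an RFC 3164-style header: <PRI>TIMESTAMP NAME MSG."""
    when = when or datetime.now()
    pri = facility * 8 + severity  # facility user, severity info -> 14
    # RFC 3164 pads a single-digit day of month with a space, not a zero
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri}>{stamp} {name} {line}".encode("utf-8")

def replay(path, host="127.0.0.1", port=514, name="testdevice", rate=5, tcp=False):
    """Send each non-empty line of `path` as one syslog message, `rate` per second.

    Returns the number of messages sent. `name` becomes the host field of the
    header, which the receiving side can use to tell the test source apart.
    """
    kind = socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM
    sent = 0
    with socket.socket(socket.AF_INET, kind) as sock, \
            open(path, encoding="utf-8", errors="replace") as fh:
        sock.connect((host, port))
        for raw in fh:
            line = raw.rstrip("\r\n")
            if not line:
                continue  # blank lines would arrive as empty events
            frame = syslog_frame(line, name)
            # TCP syslog needs a newline delimiter; UDP is one message per datagram
            sock.sendall(frame + b"\n" if tcp else frame)
            sent += 1
            time.sleep(1.0 / rate)
    return sent

if __name__ == "__main__":
    import sys
    # usage: replay.py <file> <destination host>
    print(replay(sys.argv[1], host=sys.argv[2]), "messages sent")
```

A low rate keeps the test events easy to follow in the log activity view while building the parser in the DSM editor.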