IBM Security QRadar

  • 1.  QRadar read logs from a file

    Posted Wed April 07, 2021 12:18 AM
    Hi Everyone,

    Hope you all are doing well. I have a question: has anyone tried in QRadar to grab and read logs from a file?

    Thank you.

    ------------------------------
    Davin
    ------------------------------


  • 2.  RE: QRadar read logs from a file

    Posted Thu April 08, 2021 01:56 AM
    Hello Davin,

    There are many Log Sources reading from files.
    Microsoft DNS Debug for example or Exchange log files. Or Microsoft Windows Security Event Log from a NetApp ...
    So which log file do you mean?

    Regards,
    Harald

    ------------------------------
    Harald Dunkel
    IT-Security Engineer
    Baden-Württembergische Versorgungsanstalt für Ärzte, Zahnärzte und Tierärzte
    ------------------------------



  • 3.  RE: QRadar read logs from a file

    Posted Thu April 08, 2021 02:18 AM
    Hello Davin,
    I tried and I was successful. Of course it depends on the environment, on the file content, its format and so on.
    What are you trying to accomplish?

    Best regards,
    Mario

    ------------------------------
    Mario Sebastiani
    ------------------------------



  • 4.  RE: QRadar read logs from a file

    IBM Champion
    Posted Thu April 08, 2021 07:49 AM
    Yes, you can use the "file" protocol to pull files from SMB/CIFS, FTP, SCP etc. Just choose the DSM for the file type or use universal, then the protocol you want to use.

    ------------------------------
    Frank Eargle
    ------------------------------



  • 5.  RE: QRadar read logs from a file

    Posted Thu April 08, 2021 10:30 AM
    Davin

    Yes, I use it currently and have used it in the past.
    Why do you ask?

    Mark

    ------------------------------
    Mark Malki
    ------------------------------