IBM Security QRadar


QRadar read logs from a file

  • 1.  QRadar read logs from a file

    Posted 15 days ago
    Hi Everyone,

    Hope you are all doing well. I have a question: has anyone tried to grab and read logs from a file in QRadar?

    Thank you.

    ------------------------------
    Davin
    ------------------------------


  • 2.  RE: QRadar read logs from a file

    Posted 14 days ago
    Hello Davin,

    There are many Log Sources reading from files.
    Microsoft DNS Debug, for example, or Exchange log files. Or Microsoft Windows Security Event Log from a NetApp ...
    So which log file do you mean?

    Regards,
    Harald

    ------------------------------
    Harald Dunkel
    IT-Security Engineer
    Baden-Württembergische Versorgungsanstalt für Ärzte, Zahnärzte und Tierärzte
    ------------------------------



  • 3.  RE: QRadar read logs from a file

    Posted 14 days ago
    Hello Davin,
    I tried and I was successful. Of course it depends on the environment, on the file content, its format and so on.
    What are you trying to accomplish?

    Best regards,
    Mario

    ------------------------------
    Mario Sebastiani
    ------------------------------



  • 4.  RE: QRadar read logs from a file

    Posted 14 days ago
    Yes, you can use the "file" protocol to pull files from SMB/CIFS, FTP, SCP, etc. Just choose the DSM for the file type, or use universal, then the protocol you want to use.

    ------------------------------
    Frank Eargle
    ------------------------------



  • 5.  RE: QRadar read logs from a file

    Posted 14 days ago
    Davin

    Yes, I use it currently and have used it in the past.
    Why do you ask?

    Mark

    ------------------------------
    Mark Malki
    ------------------------------