Marek,
unfortunately Graylog is not supported by anybody. Pls use the search mask at AppXchange for actual results: https://exchange.xforce.ibmcloud.com/hub/?q=graylog&br=QRadar,Resilient
Documentation for existing DSMs is at https://www.ibm.com/docs/en/qsip/7.5
The way to go is to develop your own custom DSM using DSMedit. There is a course available at https://www.ibm.com/training/course/qradar-custom-event-properties-event-coalescing-and-forwarding-SLA6650
Of course you can follow all my discussion entries at https://community.ibm.com/community/user/security/communities/community-home/digestviewer?communitykey=f9ea5420-0984-4345-ba7a-d93b4e2d4864
where you find more links to relevant websites. Alternatively, go to https://community.ibm.com/community/user/security/viewdocument/using-dsm-editor-for-overriding-unk?CommunityKey=f9ea5420-0984-4345-ba7a-d93b4e2d4864&tab=librarydocuments
describing a sample for a PAN device. Check YouTube for Jose Bravo QRadar videos, which are great.
BTW Google says: QRadar's TCP Syslog max payload size default value is 4096. It is recommended to increase it to at least double, or in the best case to 32000. Some alerts exceed 4k, which prevents them from logging correctly in QRadar.
------------------------------
Karl Jaeger #ibmchampion
QRadar Specialist
cnag
Siegen, Germany
------------------------------
Original Message:
Sent: Wed February 19, 2025 05:21 AM
From: Marek Kościelny
Subject: Connecting Graylog to IBM QRadar
Hello
How do I connect open source Graylog to IBM QRadar?
What is the maximum data that can be sent to QRadar?