If it's a file that you can move around, then that suggests to me that it's maybe a periodic thing? Maybe every hour or some similar arrangement? Rolling text files that are maybe named with a date/timestamp as part of the name?

Take a look at the Log File Protocol to have QRadar ingest that data - it's made for just this use case. Basically, it's for batch polling applications. The batch intervals are configurable, down to about 10 minutes as I recall.

For a Windows source, you would likely define a dedicated user having appropriate permissions on the share for the directory where the files can be found. With file names that sort out with names like I described, the protocol keeps track of where it is at the Event Collector doing the polling (where the Log Source is assigned when deployed). No new services or software on that device, just uses Windows file sharing.

Multi-line logs such as stack traces give you lots of very valuable information for debugging and troubleshooting application problems. The Protocol only serves to get the data ingested, you'll of course need a custom DSM to parse the data.
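As an added illustration of the two points in this reply (a batch poller remembering where it left off across date-named rolling files, and multi-line stack traces needing to be reassembled into one event before a parser sees them), here is a small Python script. It is not QRadar's Log File Protocol or any IBM code; the file names, log lines, the `{"file", "offset"}` state format and the timestamp regex are constructed assumptions for the example.

```python
import os
import re
import tempfile

# Assumption: each event begins with a "YYYY-MM-DD HH:MM:SS" timestamp;
# anything else (stack frames, wrapped text) continues the previous event.
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")


def assemble_events(lines):
    """Group raw lines into events so a stack trace stays attached to its error line."""
    events = []
    for line in lines:
        if TS_RE.match(line) or not events:
            events.append(line)           # new event
        else:
            events[-1] += "\n" + line     # continuation of the current event
    return events


def poll(directory, state):
    """One batch poll over date-stamped *.log files in `directory`.

    state = {"file": last file read or None, "offset": byte position in it}.
    Because the names sort chronologically, any file that sorts before the
    last one seen is already consumed and skipped; the last one is resumed
    from its offset; newer ones are read from the start.
    """
    names = sorted(n for n in os.listdir(directory) if n.endswith(".log"))
    last_file, offset = state.get("file"), state.get("offset", 0)
    lines = []
    for name in names:
        if last_file is not None and name < last_file:
            continue
        start = offset if name == last_file else 0
        with open(os.path.join(directory, name), "rb") as f:
            f.seek(start)
            data = f.read()
        # Only complete lines are consumed; a trailing partial line (writer
        # mid-write) is left for the next poll so it is never split in two.
        complete, sep, partial = data.rpartition(b"\n")
        if sep:
            lines.extend(l for l in complete.decode("utf-8", "replace").split("\n") if l)
        last_file, offset = name, start + len(data) - len(partial)
    return lines, {"file": last_file, "offset": offset}


def demo():
    """Constructed scenario: one rolled file, a partial write, then a new day's file."""
    d = tempfile.mkdtemp()
    day1 = os.path.join(d, "app-2024-01-01.log")
    day2 = os.path.join(d, "app-2024-01-02.log")
    with open(day1, "wb") as f:
        f.write(b"2024-01-01 10:00:00 INFO started\n"
                b"2024-01-01 10:00:05 ERROR request failed\n"
                b"    at Foo.bar(Foo.java:10)\n"
                b"    at Main.main(Main.java:5)\n")
    state = {"file": None, "offset": 0}
    lines1, state = poll(d, state)            # first poll: 4 lines -> 2 events
    with open(day1, "ab") as f:
        f.write(b"2024-01-01 10:01:00 WARN disk")   # no newline yet: writer mid-line
    lines2, state = poll(d, state)            # second poll: nothing complete, offset unchanged
    with open(day1, "ab") as f:
        f.write(b" nearly full\n")
    with open(day2, "wb") as f:
        f.write(b"2024-01-02 00:00:01 INFO rolled over\n")
    lines3, state = poll(d, state)            # third poll: finishes day1, starts day2
    return assemble_events(lines1), lines2, assemble_events(lines3), state


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The offset is kept in bytes, not lines, so a resumed poll does not re-read (and re-ingest) the head of a file, and holding back a partial trailing line is what keeps a stack trace from being split across two batches and showing up as two half-events downstream.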