I'm on an enterprise edition trial. We've currently got logs being pushed into a time series database using fluentd, but I'm also wanting to push the logs into IBM QRadar, and I'm struggling.

Has anyone achieved this? Any assistance with config would be perfect.

Thanks in advance.

Asked May 20, 2019 - 2:55pm

Answer (1)

This is dependent on how your QRadar is configured to accept logs. It could be as simple as adding a new om_udp Output module and updating your Route to include the new Output.
There is an example in the manual of using LEEF: https://nxlog.co/documentation/nxlog-user-guide/xm_leef.html
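The shape of the config the answer describes, as an added example that is not part of the original thread or the NXLog manual: an existing input and output stay in place, a new om_udp output formatted with xm_leef's to_leef() is added, and the Route is extended so the same events reach both destinations. The input path, the time-series output and the QRadar collector address are placeholders to be replaced with your own values.

```nxlog
# Added example, not from the thread above. Replace the placeholder
# paths, hosts and ports with the values from your own environment.

<Extension leef>
    Module      xm_leef
</Extension>

# Existing input. An application log file is assumed here; any other
# im_* input feeding the current pipeline would be routed the same way.
<Input app_log>
    Module      im_file
    # assumed path
    File        "/var/log/app/app.log"
</Input>

# Existing output that already feeds the time-series database.
# Host and port are assumed placeholders.
<Output tsdb>
    Module      om_tcp
    Host        tsdb.example.internal
    Port        5170
</Output>

# New output for QRadar: syslog over UDP, with each event rewritten as
# LEEF so the QRadar log source can parse it with its LEEF support.
# Host is a placeholder for your QRadar event collector.
<Output qradar>
    Module      om_udp
    Host        QRADAR_COLLECTOR_IP
    Port        514
    Exec        to_leef();
</Output>

# The Route now lists both outputs, so events are delivered to the
# time-series database and to QRadar.
<Route to_both>
    Path        app_log => tsdb, qradar
</Route>
```

If the QRadar log source is set up for syslog over TCP rather than UDP, swap om_udp for om_tcp with the same Host and Port directives; TCP also avoids silent loss of events under load, which UDP does not detect.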