
feat: Add QRadar exporter #1866

Conversation

shazlehu
Contributor

@shazlehu shazlehu commented Sep 19, 2024

Proposed Change

Adds QRadar exporter.

Test by using the following custom destination:

qradar:
    raw_log_field: body
    retry_on_failure:
        enabled: false
    sending_queue:
        enabled: false
    syslog:
        endpoint: qr75-appliance.bluemedora.localnet:514
        transport: udp

Send a JSON payload from Telemetry generator.

  • Log into QRadar at http://qr75-appliance.bluemedora.localnet
  • Select "Admin" from the Tabs
  • Select "Log Sources" from the "Data Sources" section
  • Select "Events" from the "..." menu on the "SIM Generic Log DSM-7 :: qr75-appliance" line
  • Logs should appear there, double-clicking a line should show the correct payload
Checklist
  • Changes are tested
  • CI has passed
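A local stand-in for the manual QRadar check above, added here and not part of the PR: a small UDP syslog listener that decodes the JSON body of each datagram so the exporter's output can be inspected before pointing `syslog.endpoint` at the appliance. It assumes the exporter emits one message per datagram with the raw body as the trailing JSON object; the sample datagrams and port 5514 are constructed.

```python
import json
import socket

# Constructed sample datagrams (not from the PR): a bare JSON line, an
# RFC 3164-style line and an RFC 5424-style line. The PR does not state the
# exact framing the exporter uses, so the parser only assumes that the raw
# body is the trailing JSON object.
SAMPLE_DATAGRAMS = [
    b'{"event":"login","user":"alice","ok":true}',
    b'<14>Sep 19 16:31:00 collector otelcol: {"event":"login","user":"bob","ok":false}',
    b'<14>1 2024-09-19T16:31:00Z collector otelcol - - - {"event":"login","user":"carol","ok":true}',
]


def extract_json_payload(datagram: bytes) -> dict:
    """Return the JSON object carried by one syslog datagram.

    Parses from the first '{' so any <PRI>/header the exporter prepends is
    ignored. Raises ValueError when the datagram carries no well-formed JSON
    object (e.g. a body truncated by the UDP size limit), which is the failure
    worth catching before sending to a real QRadar appliance.
    """
    start = datagram.find(b"{")
    if start < 0:
        raise ValueError("no JSON body in datagram")
    body = json.loads(datagram[start:].decode("utf-8"))
    if not isinstance(body, dict):
        raise ValueError("JSON body is not an object")
    return body


def check_samples(datagrams=SAMPLE_DATAGRAMS) -> list:
    """Decode each constructed datagram; returns the list of payloads."""
    return [extract_json_payload(d) for d in datagrams]


def listen(port: int = 5514, max_msgs: int = 5) -> list:
    """Receive up to max_msgs UDP datagrams on port and return the decoded
    payloads. Bind an unprivileged port and set the exporter's
    syslog.endpoint to 127.0.0.1:5514 with transport: udp."""
    payloads = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("127.0.0.1", port))
        while len(payloads) < max_msgs:
            data, _ = sock.recvfrom(65535)  # largest possible UDP payload
            payloads.append(extract_json_payload(data))
    return payloads


if __name__ == "__main__":
    for p in listen():
        print(p)
```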

@shazlehu shazlehu force-pushed the samhazlehurst/bpop-804-duplicate-secopsforwarder-exporter-for-qradar branch from fa6a74b to 66a980c Compare September 19, 2024 16:31
@shazlehu shazlehu marked this pull request as ready for review September 19, 2024 16:44
exporter/qradar/README.md (review comments, outdated, resolved)
@shazlehu shazlehu force-pushed the samhazlehurst/bpop-804-duplicate-secopsforwarder-exporter-for-qradar branch from 3d80e4e to 998e316 Compare September 20, 2024 13:16
Member

@BinaryFissionGames BinaryFissionGames left a comment


Working well for me 👍

@shazlehu shazlehu merged commit 72a1ed9 into release/v1.61.0 Sep 20, 2024
15 checks passed
@shazlehu shazlehu deleted the samhazlehurst/bpop-804-duplicate-secopsforwarder-exporter-for-qradar branch September 20, 2024 14:46