Logging in QRadar using REST API

api c# logs

I have a requirement to send custom logs from my .NET application to QRadar. What are the options for it? Does the QRadar REST API support the logging feature?

  DietgerBahn
    Re: Logging in QRadar using REST API


    Hello Ashok,

    Ingesting logs via the RESTful API is simply not possible to date. By architecture, logs have to go through and be processed by the Event Pipeline and Magistrate. However, log sources not supported by QRadar could, as one possible option, be gathered by SDI (Security Directory Integrator), for example. SDI is then capable of generating syslog-formatted logs and forwarding those to a QRadar Event Collector/Processor.

    HTH and regards,
    Dietger Bahn

  JonathanPechtaIBM
    Re: Logging in QRadar using REST API


    QRadar has a number of protocols that can be used to listen for or actively retrieve event data from applications, appliances, databases, etc. The most common methods of retrieving event data are Syslog, Log File protocol (flat file), SMB (Samba), JDBC, and many more. If you do not offer a streaming option like Syslog, you can write data to a flat file and QRadar can reach out and retrieve the data using FTP, SCP, or SFTP.

    Alternatively, if your application is running on a Linux system, you could use Tail2Syslog to forward this data if it is written to a log file.
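
Following the syslog route both replies point to, here is an added C# example (not from either poster or from IBM) that formats an RFC 5424 message in a .NET application and sends it over UDP. The collector hostname, port 514/UDP, the local0 facility and the application and event names are assumptions.

```csharp
using System;
using System.Globalization;
using System.Net.Sockets;
using System.Text;

// Added example: minimal RFC 5424 syslog sender for a .NET application.
public static class QRadarSyslog
{
    // Assumptions: placeholder collector address; 514/UDP is the standard syslog port.
    const string Collector = "qradar-ec.example.internal";
    const int Port = 514;
    const int Facility = 16; // local0

    public enum Severity { Error = 3, Warning = 4, Notice = 5, Info = 6 }

    // Replace control characters so attacker-controlled values cannot
    // inject line breaks and forge additional events.
    static string Clean(string s)
    {
        var sb = new StringBuilder(s.Length);
        foreach (char c in s) sb.Append(char.IsControl(c) ? ' ' : c);
        return sb.ToString();
    }

    // <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    // app and msgId must be fixed tokens without spaces; only message is free text.
    public static string Format(Severity sev, string app, string msgId, string message)
    {
        int pri = Facility * 8 + (int)sev;
        string ts = DateTime.UtcNow.ToString("yyyy-MM-dd'T'HH:mm:ss.fff'Z'",
                                             CultureInfo.InvariantCulture);
        return $"<{pri}>1 {ts} {Environment.MachineName} {app} " +
               $"{Environment.ProcessId} {msgId} - {Clean(message)}";
    }

    public static void Send(Severity sev, string app, string msgId, string message)
    {
        byte[] payload = Encoding.UTF8.GetBytes(Format(sev, app, msgId, message));
        using var udp = new UdpClient();
        udp.Send(payload, payload.Length, Collector, Port);
    }

    public static void Main()
    {
        // Constructed sample event; the embedded newline is neutralised by Clean().
        Send(Severity.Warning, "OrdersApi", "LOGIN_FAIL",
             "user=alice src=203.0.113.7 result=failed\nfake line");
    }
}
```

UDP syslog is unencrypted and unacknowledged, so events can be read or lost in transit; keep the sender and collector on a trusted network segment or use a transport that provides confidentiality and delivery guarantees.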


