QRadar logging
Use this command to configure logging for IBM QRadar.
Get external log information
An ExternalLog object
represents the configuration for sending log files to an external
system. The configuration has the address of the system to which the
log files are sent and the list of logging categories that are enabled.
- The address is an IPv4 IP address.
- The categories include Cloud Pak System Software log
files, security log files, system log files, and Workload Deployer
log files. The categories are represented by the keys that are returned
from a call to the function
getAvailableCategories().
None, then QRadar logging is not enabled.
admin.externallog

Get available categories
- A key, which identifies the category.
- A description (optional), which is a list of entries.
admin.externallog.getAvailableCategories()
Output example:
{'description': '/var/log, /var/log/purescale, /drouter/ramdisk2/mnt/raid-volume/raid0',
 'label': 'All log files',
 'children': [
   {'description': u'/var/log/purescale', 'label': 'Cloud Pak System log files', 'key': 'pureapp'},
   {'description': '/var/log/secure, access.log, audit.log', 'label': 'Security log files', 'key': 'security'},
   {'description': '/var/log', 'label': 'System log files', 'key': 'system'},
   {'description': '/drouter/ramdisk2/mnt/raid-volume/raid0', 'label': 'Workload Manager log files', 'key': 'workload'}],
 'key': 'all'}

Get categories
Returns the current list of enabled categories, or an empty list if no categories are set. No parameter is required for this method.
admin.externallog.getCategories()
[u'security', u'system']

Set categories
Sets the current list of
enabled categories. This method accepts a list of keys that identify
the categories to enable. The keys are the values returned in the
entries for the function getAvailableCategories().
If an empty list or None is passed in, then remote
logging is not enabled.
The method returns the ID of the job that updates the categories.
admin.externallog.setCategories()
e4b5a4aa-c8f8-4d5a-9d86-83df2d426741

Get remote address
Returns the currently set remote IPv4 address or an empty string if the address is not set. No parameter is required for this method.
admin.externallog.getRemoteAddress()
172.16.96.6

Set remote address
Sets the current remote
IPv4 address. This method accepts an IPv4 IP address. If an empty
string or None is passed in, then remote logging
is not enabled.
The method returns the ID of the job that updates the address.
admin.externallog.setRemoteAddress()
6e749565-6faf-45c8-907e-7e9f622403e6
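
A pre-flight check built on the methods above, as an added example that is not IBM's code: it validates the address and category keys before calling the setters, and reports when forwarding to QRadar is off or missing the security category. StubLog, the job ID strings, and the treatment of the 'all' key as covering every child category are assumptions made for illustration.

```python
# Added example, not IBM code. `log` is any object exposing the methods
# documented on this page (admin.externallog inside the CLI).
OCTETS = set(str(n) for n in range(256))  # '0'..'255', no leading zeros

def category_keys(tree):
    """Flatten the getAvailableCategories() tree into the set of valid keys."""
    keys, stack = set(), [tree]
    while stack:
        node = stack.pop()
        keys.add(node['key'])
        stack.extend(node.get('children', []))
    return keys

def is_ipv4(addr):
    """Strict dotted quad; the page states that only IPv4 is accepted."""
    parts = addr.split('.') if hasattr(addr, 'split') else []
    return len(parts) == 4 and all(p in OCTETS for p in parts)

def audit(log, required=('security',)):
    """Return findings; an empty list means forwarding is on and complete."""
    findings = []
    addr, cats = log.getRemoteAddress(), log.getCategories() or []
    if not addr:
        findings.append('remote address unset: forwarding disabled')
    elif not is_ipv4(addr):
        findings.append('remote address is not IPv4: %s' % addr)
    if not cats:
        findings.append('no categories enabled: forwarding disabled')
    elif 'all' not in cats:  # assumption: root key 'all' covers every child
        findings += ['category not forwarded: %s' % k for k in required if k not in cats]
    return findings

def configure(log, address, categories):
    """Validate, then call the setters; returns (address job, category job)."""
    unknown = sorted(set(categories or []) - category_keys(log.getAvailableCategories()))
    if unknown:
        raise ValueError('unknown category keys: %s' % ', '.join(unknown))
    if not categories or not is_ipv4(address):
        raise ValueError('refusing values that would disable or break forwarding')
    return log.setRemoteAddress(address), log.setCategories(list(categories))

class StubLog(object):
    """Constructed stand-in for admin.externallog so the example runs offline."""
    def __init__(self, addr, cats): self.addr, self.cats = addr, cats
    def getRemoteAddress(self): return self.addr
    def getCategories(self): return self.cats
    def getAvailableCategories(self):
        return {'key': 'all', 'children': [{'key': k} for k in 'pureapp security system workload'.split()]}
    def setRemoteAddress(self, a): self.addr = a; return 'job-addr (constructed)'
    def setCategories(self, c): self.cats = c; return 'job-cats (constructed)'
```

Inside the CLI, audit(admin.externallog) runs the same checks against the live configuration.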