Set up a log source in IBM
QRadar to use a custom log
source type or an IBM log source
type that supports the Google Cloud Pub/Sub protocol.
Before you begin
You can use the Google Cloud Pub/Sub protocol to retrieve any type of event from the Google Cloud
Pub/Sub service. IBM provides
DSMs for some Google Cloud services. Any services that don't have a DSM can be handled by using a
custom log source type.
If you want to use an existing DSM to parse data, select the Use as a Gateway Log
Source parameter option for more log sources to be created from data that is collected
by this configuration. Alternatively, if log sources are not automatically detected, you can
manually create them by using Syslog for the Protocol type parameter
option.
Procedure
-
Log in to QRadar.
- On the Admin tab, click the QRadar Log Source
Management app icon.
-
Click .
- On the Select a Log Source Type page, select a custom log source
type or an IBM log source type
that supports the Google Cloud Pub/Sub protocol.
- On the Select a Protocol Type page, from the Select
Protocol Type list, select Google Pub/Sub Protocol.
- On the Configure the Log Source parameters page, configure the log
source parameters, and then click Configure Protocol Parameters. For more
information about configuring Google Cloud Pub/Sub protocol parameters, see Adding a Google
Cloud Pub/Sub log source in QRadar.
- Test the connection to ensure that connectivity, authentication, and authorization are
working. If available, view sample events from the subscription.
- Click Test Protocol Parameters, and then click Start
Test.
- To fix any errors, click Configure Protocol Parameters, then
test your protocol again.