HTTP Receiver log source parameters for Cloudflare Logs
If IBM QRadar does not automatically detect the log source, add a Cloudflare Logs log source on the QRadar Console by using the HTTP Receiver protocol.
When you use the HTTP Receiver protocol, there are specific parameters that you must configure.
Parameter | Value |
---|---|
Log Source type | Cloudflare Logs |
Protocol Configuration | HTTP Receiver |
Log Source Identifier |
Type a unique name for the log source. The Log Source Identifier can be any valid value and does not need to reference a specific server. The Log Source Identifier can be the same value as the Log Source Name. If you have more than one Cloudflare Logs log source that is configured, you might want to identify the first log source as Cloudflare1, the second log source as Cloudflare2, and the third log source as Cloudflare3. |
Communication Type | HTTP or HTTPS, depending on the QRadar url that is used to integrate with QRadar. |
TLS version | TLSv1.2 |
Listen Port | The QRadar port that is used to integrate with Cloudflare and is used in the command to start the Logpush job. |
Message Pattern | .* |
For a complete list of HTTP Receiver protocol parameters and their values, see HTTP Receiver protocol configuration options.