Testing log sources
In IBM® QRadar® V7.3.2 Fix Pack 3 or later, test your log source configuration in the QRadar Log Source Management app to ensure that the parameters that you used are correct. The test runs from the host that you specify in the Target Event Collector setting, and can collect sample event data from the target system. The target system is the source of your event data.
Restriction: If the Test tab doesn’t appear for your log source, you can't test the configuration. In QRadar V7.3.2 Fix Pack 3 and QRadar Log Source Management app v5.0.0, only a few protocols are updated to include test capabilities. Ensure that you install the latest version of your protocols to get the testing capability when it is available.
To download a Fix Pack, go to Fix Central (https://www-945.ibm.com/support/fixcentral/).
Procedure
- In the QRadar Log Source Management app, select a log source.
- On the Log Source Summary pane, click the Test tab, then click Start Test.
  If there is high network latency between the QRadar Console and the log source's Target Event Collector, it might take a moment for the results to appear. When the test is successful, checkmarks are displayed next to each of the results and sample event information is generated. If the test is not successful, an X is displayed next to the result that failed, and no sample event information is generated. When one result fails, the test of the other results is canceled.
- Optional: If the test is not successful, click Edit to configure the parameter that caused the test to fail and test your log source again. Click the drop-down arrow next to the failed result for more information about the error.
- Optional: Click the Settings icon to edit the Target Event Collector settings.
- Optional: Click the Download icon to view the test results in a .txt file.
- Click Close.