MQ protocol configuration options
To receive messages from a message queue (MQ) service, configure a log source to use the MQ protocol. The protocol name displays in IBM QRadar as MQ JMS.
IBM MQ is supported.
The MQ protocol is an outbound/active protocol that can monitor multiple message queues, up to a maximum of 50 per log source.
| Parameter | Description |
|---|---|
| Protocol Name | MQ JMS |
| Log Source Identifier |
Type a unique name for the log source. The Log Source Identifier can be any valid value and does not need to reference a specific server. It can also be the same value as the Log Source Name. If you have more than one configured MQ log source, ensure that you give each one a unique name. |
| IP or Hostname | The IP address or host name of the primary queue manager. |
| Port | The default port that is used for communicating with the primary queue manager is 1414. |
| Standby IP or Hostname | The IP address or host name of the standby queue manager. |
| Standby Port | The port that is used to communicate with the standby queue manager. |
| Queue Manager | The name of the queue manager. |
| Channel | The channel through which the queue manager sends messages. The default channel is SYSTEM.DEF.SVRCONN. |
| Queue | The queue or list of queues to monitor. A list of queues is specified with a comma-separated list. |
| Username | The user name that is used for authenticating with the MQ service. |
| Password | Optional: The password that is used to authenticate with the MQ service. |
| Incoming Message Encoding | The character encoding that is used by incoming messages. |
| Process Computational Fields | Optional: Select this option only if the retrieved messages contain computational data that is defined in a COBOL copybook. The binary data in the messages is processed according to the field definition found in the specified copybook file. |
| CopyBook File Name |
This parameter displays when Process Computational Fields is selected. The name of the copybook file to use for processing data. The CopyBook file must be placed in /store/ec/mqjms/*. |
| Event Formatter | Select the event formatting to be applied for any events that are generated from processing data containing computational fields. By default, No Formatting is used. |
| Include JMS Message Header | Select this option to include a header in each generated event containing JMS message fields such as the JMSMessageID and JMSTimestamp. |
| EPS Throttle |
The maximum number of events per second that QRadar ingests. If your data source exceeds the EPS throttle, data collection is delayed. Data is still collected and then it is ingested when the data source stops exceeding the EPS throttle. |