Log File log source parameters for Salesforce Security Auditing
If QRadar does not automatically detect the log source, add a Salesforce Security Auditing log source on the QRadar Console by using the Log File protocol.
When using the Log File protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect Log File
events fromSalesforce Security Auditing:
Parameter | Value |
---|---|
Log Source type | Salesforce Security Auditing |
Protocol Configuration | Log File |
Event Generator | RegEx Based Multiline |
Start Pattern | (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} \w+) |
End Pattern | Ensure that this parameter remains empty. |
Date Time RegEx | (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} \w+) |
Date Time Format | dd/MM/yyyy hh:mm:ss z |
For a complete list of Log File protocol parameters and their values, see Log File protocol configuration options.