Log File log source parameters for Salesforce Security Auditing

If QRadar does not automatically detect the log source, add a Salesforce Security Auditing log source on the QRadar Console by using the Log File protocol.

When using the Log File protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Log File events fromSalesforce Security Auditing:
Table 1. Log File log source parameters for the Salesforce Security Auditing DSM
Parameter Value
Log Source type Salesforce Security Auditing
Protocol Configuration Log File
Event Generator RegEx Based Multiline
Start Pattern (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} \w+)
End Pattern Ensure that this parameter remains empty.
Date Time RegEx (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} \w+)
Date Time Format dd/MM/yyyy hh:mm:ss z

For a complete list of Log File protocol parameters and their values, see Log File protocol configuration options.