Testing log sources
In IBM® QRadar® 7.3.2. Fix Pack 3 or later, test your log source configuration in the QRadar Log Source Management app to ensure that the parameters that you used are correct. The test runs from the host that you specify in the Target Event Collector setting, and can collect sample event data from the target system. The target system is the source of your event data.
To download a Fix Pack, go to Fix Central (https://www-945.ibm.com/support/fixcentral/).
- In the QRadar Log Source Management app, select a log source.
On the Log Source Summary pane, click the Test tab,
then click Start Test.
If there is high network latency between the QRadar Console and the log source's Target Event Collector, it might take a moment for the results to appear.When the test is successful, checkmarks are displayed next to each of the results and sample event information is generated. If the test is not successful, an X is displayed next to the result that failed, and no sample event information is generated. When one result fails, the test of the other results is canceled.
- Optional: If the test is not successful, click
Edit to configure the parameter that caused the test to fail and test your
log source again. Click the drop-down arrow next to the failed result for more information about the error.
- Optional: Click the Download icon to view the test results in a .txt file.
- Click Close.