Apache Kafka log source parameters for IBM Cloud Activity Tracker
If IBM® QRadar® does not automatically detect the log source, add an IBM Cloud® Activity Tracker log source on the QRadar Console by using the Apache Kafka protocol.
When you use the Apache Kafka protocol, there are specific parameters that you must configure.
| Parameter | Value |
|---|---|
| Log Source type | IBM Cloud Activity Tracker |
| Protocol Configuration | Apache Kafka |
| Log Source Identifier | Type a unique name for the log source. The Log Source Identifier can be any valid value and does not need to reference a specific server. The Log Source Identifier can be the same value as the Log Source Name. If more than one IBM Cloud Activity Tracker log source is configured, you might want to identify the first log source as ibmactivitytracker1 and the second log source as ibmactivitytracker2. |
| Bootstrap Server List | The kafka_brokers_sasl field value from the JSON object text that you noted when you completed the Configuring IBM Cloud Activity Tracker to communicate with QRadar procedure. |
| Use SASL Authentication | Enabled |
| SASL Username | The user field value from the JSON object text that you noted when you completed the Configuring IBM Cloud Activity Tracker to communicate with QRadar procedure. |
| SASL Password | The password field value from the JSON object text that you noted when you completed the Configuring IBM Cloud Activity Tracker to communicate with QRadar procedure. |
For a complete list of Apache Kafka protocol parameters and their values, see Apache Kafka protocol configuration options.
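The following added example, which is not part of the IBM documentation, maps the JSON object text to the Bootstrap Server List, SASL Username, and SASL Password values and keeps the password out of printed output. It assumes that kafka_brokers_sasl is a JSON array of host:port strings and that the Bootstrap Server List accepts a comma-separated list; the function names and all sample values are constructed.

```python
import json

# Constructed sample of the credentials JSON object; every value is a placeholder.
SAMPLE_CREDENTIALS = """{
  "kafka_brokers_sasl": ["broker-0.example.invalid:9093",
                         "broker-1.example.invalid:9093",
                         "broker-0.example.invalid:9093"],
  "user": "token",
  "password": "PLACEHOLDER-NOT-A-REAL-SECRET"
}"""


def qradar_kafka_parameters(credentials_json):
    """Map the credentials JSON to the three log source parameter values."""
    creds = json.loads(credentials_json)
    missing = [f for f in ("kafka_brokers_sasl", "user", "password") if not creds.get(f)]
    if missing:
        raise ValueError("missing or empty field(s): " + ", ".join(missing))

    brokers = creds["kafka_brokers_sasl"]
    if isinstance(brokers, str):  # assumption: normally a JSON array
        brokers = brokers.split(",")

    cleaned = []
    for entry in brokers:
        entry = entry.strip()
        host, sep, port = entry.rpartition(":")
        if not (sep and host and port.isdigit() and 0 < int(port) < 65536):
            raise ValueError("broker entry is not host:port: %r" % entry)
        if entry not in cleaned:  # drop duplicates, keep the original order
            cleaned.append(entry)

    return {
        "Bootstrap Server List": ",".join(cleaned),  # assumed comma-separated
        "SASL Username": creds["user"],
        "SASL Password": creds["password"],
    }


def redacted(params):
    """Copy of the parameters that is safe to print or log."""
    return {k: "<redacted>" if k == "SASL Password" else v for k, v in params.items()}


if __name__ == "__main__":
    for name, value in redacted(qradar_kafka_parameters(SAMPLE_CREDENTIALS)).items():
        print("%s: %s" % (name, value))
```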
- If you are a QRadar on-premises user, to add the certificate to the /opt/qradar/conf/trusted_certificates/ directory, you need to run the getcert.sh command in the /opt/qradar/bin/ directory. Run the following command:
  /opt/qradar/bin/getcert.sh <Kafka URL>
  The <Kafka URL> is similar to m4ydv39cxnxjm4pq.svc02.us-east.eventstreams.cloud.ibm.com.
- If you are a QRadar on Cloud user, contact IBM support and open a support case to get the renewed certificate placed in the truststore.
For more information about IBM Event Streams certificates, see the IBM Event Streams documentation (https://ibm.github.io/event-streams/getting-started/connecting/).