What's new in the QRadar Log Source Management app

Learn about the new features in each QRadar® Log Source Management app release.

Version 7.0.9

  • You can now update the name template of multiple log sources for variable @ $$LOG_SOURCE_TYPE$$.
  • Target Event Collector is no longer configurable for log sources that use the syslog protocol type.
  • Fixed security vulnerabilities.
  • Error message does not show up when users log in with a security profile that contains an empty log source group.
  • Fixed defects that caused assigning log sources to another log source group to fail.

Version 7.0.7

  • Fixed a defect that prevented you from assigning log sources to another log source group.

Version 7.0.6

  • Events dispatched by the Custom Rule Engine are not tracked in the Last Event column.
  • Internal log source types which are not expected to receive events regularly do not go to Error state due to event received timeout.
  • The Last Event column is blanked out for the Custom Rule Engine log source type.
  • The following log source types show as Not Available if they are in Error state:
    • Anomaly Detection Engine
    • Asset Profiler
    • Custom Rule Engine
    • Search Results

Version 7.0.4

  • Added annotations to log source extensions to show if the extensions have been inherited from a log source type, or if the extension is associated but is also disabled.
  • Fixed defect to show the username correctly in the sim audit log message when you delete log sources.
  • Removed link to the Log Sources window in the QRadar Console.
  • Updated nginx to 1.20.1

Version 7.0.3

  • You can now view more than three agents in the WinCollect Agent list.
  • The app provides notifications for available updates when you are directed to an internal Auto Updates server, or when there is no internet connection to QRadar available.

Version 7.0.0

View certificates from the centralized certificate store

When you are configuring the protocols for a log source, you can now view the corresponding certificates for each protocol. If the server certificates for the protocol are uploaded to the centralized certificate store, select the certificate from the Server Certificate Store Alias list.

Choose Alias from QRadar Certificate Store

If you have System Administrator permission and the IBM® QRadar Certificate Management app is installed, you can upload new certificates from the Configure the protocol parameters page of the QRadar Log Source Management app. If the QRadar Certificate Management app is not installed, you can install it from the Configure the protocol parameters page.

Get notifications when your protocols and DSMs are outdated

If your log sources are in an error state or are having parsing problems, you might be using outdated protocols or DSMs. On the QRadar Log Source Management banner, click Details to download updates from Fix Central (www.ibm.com/support/fixcentral/).

Version 6.1.0

  • Enhanced ability to edit multiple log sources at the same time.
  • You can choose to view a maximum of 1000 log sources on each page.

Version 6.0.0

  • In QRadar 7.4.0 or later, use the QRadar Log Source Management app to register or import Disconnected Log Collector instances that are installed in your environment. You can configure your log sources in the app, which is much faster than by using the Disconnected Log Collector's JSON config file.

    Disconnected Log Collector Management

  • Edit the parameters of all of your log sources at the same time. Previously, you could only view and edit up to 1000 log sources at one time.

Version 5.0.1

  • This release contains internal enablement for future releases.

Version 5.0.0

  • In QRadar 7.3.2 Fix Pack 3 or later, test your log source configuration to ensure that the parameters are correct.
  • The CSV file of downloaded log sources includes a Status Messages column. You can view the status of the log source, any errors or warnings, and whether the log source is enabled or disabled.

Version 4.0.0

  • Configure the columns in the QRadar Log Source Management app window to display only the ones that you want.
  • Download selected log sources and export them to a CSV file for analysis.
  • Search by log source identifier in the Search bar.
  • Enhanced search filtering by coalescing events.

Version 3.0.0

  • Save time by creating, configuring, or deleting multiple log sources at the same time.
  • Quickly create log sources in one convenient screen, instead of in multiple screens.
  • View the QRadar log activity of selected log sources.
  • Configure log sources with undocumented protocols.
  • Enhanced search filtering by:
    • log source extensions
    • Other log sources that are not in a group
    • unassigned Target Event Collectors

Version 2.0.0

  • View and edit parameters from multiple log sources at the same time.

Version 1.0.1

  • Enabled better compatibility with QRadar Assistant app.

Version 1.0.0

  • Enhanced filtering capabilities help make it easier for you to find specific log sources, possibly among thousands that you have in your deployment.
  • A simple workflow that you use to quickly create log sources.
  • You can now view and edit log source details from the Filter area without losing your current page or filter criteria.