Amazon AWS Application Load Balancer Access Logs

The QRadar® product data source type for Amazon Application Load Balancer Access Logs collects access logs from Amazon AWS Application Load Balancers. The logs are collected in an Amazon S3 bucket by a Simple Queue Service (SQS) queue.

To integrate Amazon Application Load Balancer Access Logs with the QRadar product, complete the following steps:
  1. Configure your Amazon Application Load Balancer Access Logs application to communicate with the QRadar product. For more information, see Amazon AWS Enable access logging (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#enable-access-logging).
  2. Publish flow logs to an S3 bucket. For more information, see Publishing flow logs to an S3 bucket.
  3. Create the SQS queue that is used to receive ObjectCreated notifications, then configure S3 ObjectCreated notifications. For more information, see Create an SQS queue and configure S3 ObjectCreated notifications.
  4. Configure the security credentials for your AWS user account. For more information, see Configuring security credentials for your AWS user account.
  5. If the QRadar product does not automatically detect the data source, add an Amazon Application Load Balancer Access Logs data source in the QRadar product.

For information about adding a data source, see Adding ingestion data sources.
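To check what the SQS queue from step 3 actually receives, the following added example (not IBM or QRadar code) parses an S3 notification message body and returns only the ALB access log objects from the expected bucket. The bucket name, account ID, function names, and sample messages are constructed assumptions.

```python
import json
from urllib.parse import unquote_plus

EXPECTED_BUCKET = "example-alb-logs"  # hypothetical bucket name (assumption)

def alb_log_objects(sqs_body, expected_bucket=EXPECTED_BUCKET):
    """Return (bucket, key) pairs for ALB access log objects named in one SQS message body."""
    try:
        event = json.loads(sqs_body)
    except json.JSONDecodeError:
        return []
    if not isinstance(event, dict):
        return []
    found = []
    # The s3:TestEvent that S3 sends when notifications are configured has no "Records".
    for record in event.get("Records") or []:
        if not isinstance(record, dict) or record.get("eventSource") != "aws:s3":
            continue
        if not str(record.get("eventName", "")).startswith("ObjectCreated:"):
            continue
        s3 = record.get("s3") or {}
        bucket = (s3.get("bucket") or {}).get("name")
        # Object keys in S3 event notifications are URL-encoded.
        key = unquote_plus((s3.get("object") or {}).get("key", ""))
        # Ignore notifications for any bucket other than the one that holds the logs.
        if bucket != expected_bucket:
            continue
        # ALB log keys sit under .../elasticloadbalancing/... and end in .log.gz;
        # this also skips the ELBAccessLogTestFile written when logging is enabled.
        if "/elasticloadbalancing/" in key and key.endswith(".log.gz"):
            found.append((bucket, key))
    return found

def make_event(bucket, key, event_name="ObjectCreated:Put"):
    """Build a constructed S3 notification body for the samples below."""
    record = {"eventSource": "aws:s3", "eventName": event_name,
              "s3": {"bucket": {"name": bucket}, "object": {"key": key}}}
    return json.dumps({"Records": [record]})

# Constructed sample data: documentation account ID and IP, made-up load balancer name.
SAMPLE_KEY = ("AWSLogs/111122223333/elasticloadbalancing/us-east-1/2024/01/15/"
              "111122223333_elasticloadbalancing_us-east-1_app.example-alb."
              "0123456789abcdef_20240115T0005Z_192.0.2.10_abcd1234.log.gz")
TEST_EVENT = '{"Service": "Amazon S3", "Event": "s3:TestEvent", "Bucket": "example-alb-logs"}'

if __name__ == "__main__":
    for body in (make_event(EXPECTED_BUCKET, SAMPLE_KEY), TEST_EVENT):
        print(alb_log_objects(body))
```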

If you are an IBM® QRadar user, see Terminology changes for QRadar customers.